"PROPFIND is not allowed"

Alexhasahorn

Hi,
I’ve been using DAVx5 for a while now with my personal radicale server - everything works great, no problems whatsoever.
I am trying to add a new account to DAVx5, but get a “Couldn’t find CalDAV or CardDAV service” error. See debug here. It looks like I get a “PROPFIND is not allowed” back from the server.
The service I am trying to connect to (mijndomein.nl) makes use of the OX enviroment. Connection to the same link via other methods does work (i.e. Lightning on my PC, CalDAV-Sync). Is this a problem on the server side, or is DAVx5 (or me) going wrong here? And what steps can I take to fix this?
Thanks in advance,
Alex

rfc2822

Hello,

Open-Xchange is known as working with DAVx⁵.

There is no CalDAV service at https://webmail.mijndomein.nl/caldav/example. Did you replace example by your user name?

Alexhasahorn

I replaced it by example because it actually points to a calendar I use. The web environment generates a ‘CalDAV URL’, this is the URL for a test calendar I just made: https://webmail.mijndomein.nl/caldav/Y2FsOi8vMC8xNTY.

rfc2822

@Alexhasahorn This URL generates 404 here. There’s something wrong with that path…

Alexhasahorn

That’s interesting, I get a 404 in my browser as well. In Thunderbird, Lightning accepts the link and syncs everything in the calendar.

rfc2822

Maybe with another port or something like that? Is CalDAV and its path documented by your provider?

Alexhasahorn

No, they only provide the link, and a guide to add the calendar to Outlook/iOS/macOS, so that’s not helpful.
Does Lightning check other ports then 80/433? Maybe I can check the Thunderbird/Lightning debug to see what it is going on.

rfc2822

@Alexhasahorn Yes, that would be helpful. I have tried your URL with PROPFIND and it returns 405, so the error is not only on GET (which is used by browsers).

Alexhasahorn

I’m a bit out of my depth here, maybe you can make sense of this:
This is the Stacktrace: https://pastebin.com/E1E1cZDr
This is the headers/response: https://pastebin.com/tbgLP3kS

rfc2822

Do you use the same Internet connection with Thunderbird and your mobile phone?

Alexhasahorn

Nope, same WiFi network. Thunderbird works at home and at work.

rfc2822

Got it (thanks to the log with request/response headers)

$ curl -I https://webmail.mijndomein.nl/caldav/Y2FsOi8vMC8xNTY/
HTTP/1.1 404 Not Found

$ curl -I --user-agent 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 Lightning/68.2.1' https://webmail.mijndomein.nl/caldav/Y2FsOi8vMC8xNTY/
HTTP/1.1 401 Authorization Required!

So your server distinguishes clients by User-Agent and locks out browsers and DAVx⁵. However, it does not use a 403 response with a message like “Forbidden with your client”, but disguises the CalDAV service instead.

This is a server configuration problem or maybe even a “feature”. Can you contact your provider about that and tell me what they say?

Alexhasahorn

Great! I guess this is a ‘feature’, but I contacted them, I’ll see what they say.
I’ll keep you posted!

Alexhasahorn

I emailed this to support, and they referred it to their 3rd line support. I guess they will fix it - or not. There is not much I can do now but wait and see if it starts working at some point.

I guess this is not a common problem, otherwise some user-agent spoofing option could fix this more generally(?)