-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CalDAV] Nextcloud returns HTTP 500 instead of 403 when POSTing an event without valid instances #30514
Comments
Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you! My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort! If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+ |
Can confirm the issue is still here on 25.0.3. With the same .ics as @rfc2822. Running
Nextcloud returns:
|
Confirmed. Error is being generated in the Sabre\VObject\Recur\EventIterator line 192. When called from OCA\DAV\CalDAV\CalDavBackend->getDenormalizedData() line 2990. Possible solutions...
|
The error has quite an impact on Android clients with DAVx5. If the user (somehow) manages to create an invalid CalDAV event on Android, then it enters the upload cache of DAVx5. As the server responds with error code 500, which indicates a server-side error, DAVx5 keeps the entry in its cache and repeatedly tries to upload the same broken CalDAV entry again later on. This effectively prevents DAVx5 from syncing any other events. This also seems to affect other clients: see #5641 (comment). However, as it is the entry sent by the client, the NC must respond with a 4xx error to inform the DAVx5 client that the entry is broken. While it is expected behavior of the server to reject the broken event, it must do so with a 4xx response. |
Steps to reproduce
Upload a recurring CalDAV event that does not contain any valid instances. For instance, that could be daily event with 3 instances (
RRULE:FREQ=DAILY;COUNT=5
) where all three instances are excluded byEXDATE
:Expected behaviour
If the server rejects an event because it's invalid, it should return a semantic HTTP error instead of 500 Internal server error, which would indicate the problem is on the server side.
As far as I can see, HTTP 403 with (CALDAV:valid-calendar-object-resource) would be the most appropriate (but maybe there's something better).
Actual behaviour
Nextcloud returns 500 Internal server error.
Server configuration
Operating system: Linux
Web server: nginx
Database: MySQL
PHP version: 8.0
Nextcloud version: 23.0.0
List of activated apps:
App list
Nextcloud configuration:
Config report
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
Logs
Nextcloud log (data/nextcloud.log)
Nextcloud log
The text was updated successfully, but these errors were encountered: