From a6c74c2a3908a647c4fbc6d137c5c71942af7a74 Mon Sep 17 00:00:00 2001 From: Harivansh Rathi Date: Wed, 1 Apr 2026 16:57:55 -0400 Subject: [PATCH] Allow OPTIONS to bypass WebDAV auth for Finder discovery macOS Finder sends an unauthenticated OPTIONS request before attempting auth. It needs to see the DAV: 1, 2 compliance header in the response to know the server supports WebDAV. Without it, Finder shows "problem connecting to the server" and never prompts for credentials. OPTIONS is a safe discovery method that exposes no data, so it can be served without auth. --- apps/node-agent/cmd/node-agent/app.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/node-agent/cmd/node-agent/app.go b/apps/node-agent/cmd/node-agent/app.go index 4e0b9e5..2ed25c9 100644 --- a/apps/node-agent/cmd/node-agent/app.go +++ b/apps/node-agent/cmd/node-agent/app.go @@ -169,6 +169,14 @@ func (a *app) handler() http.Handler { func (a *app) requireDAVAuth(mount exportMount, next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // OPTIONS must bypass auth so the WebDAV handler can return its + // DAV: 1, 2 compliance header. macOS Finder sends an unauthenticated + // OPTIONS first and refuses to connect unless it sees that header. + if r.Method == http.MethodOptions { + next.ServeHTTP(w, r) + return + } + username, password, ok := r.BasicAuth() if !ok { writeDAVUnauthorized(w)