We basically mock the way `URLGenerator::getAbsoluteURL` works,
so we must make sure that the URL might already contain the webroot.
Because `baseURL` and `cliURL` also contain the webroot we need to remove
the webroot from the URL first.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Daniel <mail@danielkesselberg.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
1) The checks for well-known urls should always run against the root domain and therefore the option to remove the webroot.
2) For trusted domains, the available protocol is unknown, and thus some guesswork would be needed to make that work. I've decided for now to not consider them anymore to reduce false-positives.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
#43939 moved the CalDAV/CardDAV redirect checks from the frontend to a new backend API.
Since the backend does not send an authentication header, checking for the expected response code 207 of the DAV endpoint does not work anymore, hence the URL of the last redirect is checked instead.
This URL is expected to contain a trailing slash, which was not required before, since the DAV endpoint works properly without it (when authenticated).
While a trailing slash in the redirect does no harm, it causes many setups to throw an admin panel warning, while in fact the redirects work properly. Furthermore, the proposed "/.well-known/carddav" => "/remote.php/dav/" redirect leads to double slashes, when doing a request to "/.well-known/carddav/", which seems more wrong then right.
This change makes the trailing slash optional, hence old and adjusted setups won't throw the warning anymore, and the DAV endpoint works well in both cases.
Signed-off-by: MichaIng <micha@dietpi.com>
