Description
vcard-defaults-to-v4.patch.txt
Describe the bug
When downloading a VCF file from the CardDAV with the HTTP GET verb from a common web browser (Firefox, Chrome, Internet Explorer) one would expect to
get a version 4.0 vCard, which is the best format supported by the CardDAV; nextcloud returns a version 3.0 vCard, downgrading the content.
This is due to the fact that most browsers do not explicitly add "text/vcard; version=4.0" on their "Accept" HTTP header line; in place they use /.
Consequently, the negotiateVCard() function called by httpAfterGet() in the 3rdparty/sabre/dav/lib/CardDAV/Plugin.php script negotiates the content
type as "text/vcard" then the text/vcard content type defaults to version 3.0.
The same behavior is observed for a "Accept: text/vcard" header.
To get a version 4.0 vCard, one has to set "Accept: text/vcard; version=4.0" explicitly in the header of the HTTP GET request.
Actually, RFC 6350, in section 10.1, defines the "text/vcard" type but does not tell that it defaults to version 3.0.
RFC 6350 section 10.1 contains the following paragraph
Interoperability considerations: The text/vcard media type is
intended to identify vCard data of any version. There are older
specifications of vCard [RFC2426][vCard21] still in common use.
While these formats are similar, they are not strictly compatible.
In general, it is necessary to inspect the value of the VERSION
property (see Section 6.7.9) for identifying the standard to which
a given vCard object conforms.
It seems that defaulting to version 4.0 would be better since most tools work with version 4.0 nowadays.
To Reproduce (easy way)
Steps to reproduce the behavior (way 1):
- Login to nextcloud as a user on a common browser (tested on: Firefox, Internet Explorer, Chrome)
- Click on the "Contacts" application
- Click on any contact in order to open it (or create one if none exists)
- Click on the menu (three dots icon) of the contact
- Click "Download"
- In the browser, Save the file on the disk
- Open the file with a text editor
- See that the "VERSION" field of the contact is 3.0 while it should be 4.0
To Reproduce (complex way, but easier to debug)
-
Reproduce steps 1 to 5 of the easy way
-
copy the URL such as http://example.com/owncloud/remote.php/dav/addressbooks/users/john/contacts/7a77045a-ff45-44d6-8f46-5294d600269a.vcf
-
Use the curl command:
curl --basic --user XXXXXX:XXXXX -X GET -H 'Accept: /' http://example.com/owncloud/remote.php/dav/addressbooks/users/john/contacts/7a77045a-ff45-44d6-8f46-5294d600269a.vcf -
Read the output
-
See that the "VERSION" field of the contact is 3.0 while it should be 4.0
Expected behavior
A version 4.0 file is expected with a field "VERSION:4.0"
Actual behavior
A version 3.0 file is observed with a field "VERSION:3.0"
Comments
The attached patch changes the behavior of HTTP GET requests on vCards. It does not affect REPORT requests since these requests use the negotiateVCard function
but first get the version from an XML attribute in the HTTP request body (defaulting to version 3.0).
Client configuration
Firefox 68
Windows 7 (6.1.7601 SP1)
CardDAV-clients:
Nextcloud Contacts web interface (application for nextcloud)
DAVx5 (backend) + builtin Contacts application in Android 4.4 (frontend)
(does not really matter)
Activity