From e26533d54cb7584433d86ca0df6451baa06692f9 Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Mon, 9 Jan 2017 12:00:21 +0100
Subject: [PATCH] Do not allow OPTIONS request against / from Windows Explorer

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 lib/base.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/lib/base.php b/lib/base.php
index 4a9158eff64bd..7f9585dc00393 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -1018,7 +1018,7 @@ public static function handleRequest() {
 		}
 
 		// Handle WebDAV
-		if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
+		if ($_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
 			// not allowed any more to prevent people
 			// mounting this root directly.
 			// Users need to mount remote.php/webdav instead.
@@ -1027,6 +1027,23 @@ public static function handleRequest() {
 			return;
 		}
 
+		$isOptionsRequestByWindows = false;
+		if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS' && isset($_SERVER['HTTP_USER_AGENT'])) {
+			$isOptionsRequestByWindowsWebClient =
+				strpos($_SERVER['HTTP_USER_AGENT'], 'DavClnt') !== false;
+		}
+
+		// Handle WebDAV for native Windows mounts on discovery when Windows
+		// webclient is not yet running
+		//
+		// they request then the root of the domain, so this is not needed when
+		// installed into subdirectory (therefore the check for REQUEST_URI ===
+		// '/')
+		if ($isOptionsRequestByWindowsWebClient && isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === '/') {
+			header('HTTP/1.1 200 OK');
+			return;
+		}
+
 		// Someone is logged in
 		if (OC_User::isLoggedIn()) {
 			OC_App::loadApps();