fix(submission): fix anonymous submission failures from KoboCollect DEV-1347
#6499
+39
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rajpatel24
changed the title
KoboCollect by handling HEAD before auth checks DEV-1347KoboCollect DEV-1347
rajpatel24
deleted the
dev-1347-fix-failing-anonymous-submissions-from-collect
branch
duvld
pushed a commit
that referenced
this pull request
Nov 26, 2025
… DEV-1347 (#6499) ### 📣 Summary Ensure `KoboCollect` can submit anonymously by returning 204 for `HEAD /<username>/submission` before applying the [empty-request authentication check](https://github.com/kobotoolbox/kpi/blob/b4b82b809c205dfb0a23eba7633e57f50ac35c6f/kobo/apps/openrosa/apps/api/viewsets/xform_submission_api.py#L253-L257), while keeping Digest authentication behavior intact. ### 📖 Description After adding a guard to return `401` for unauthenticated empty-body POST requests (required for Digest auth handshake), KoboCollect began failing anonymous submissions. KoboCollect performs an initial HEAD request to `/<username>/submission` to probe server availability. Because the guard ran before the HEAD handler, this probe was incorrectly treated as unauthenticated, returning 401. KoboCollect interprets a 401 on HEAD as "credentials required" and therefore never sends the actual XML payload, showing the login screen instead. Enketo continued to work because it tolerates a 401 on the first probe, but KoboCollect does not.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📣 Summary
Ensure
KoboCollectcan submit anonymously by returning 204 forHEAD /<username>/submissionbefore applying the empty-request authentication check, while keeping Digest authentication behavior intact.📖 Description
After adding a guard to return
401for unauthenticated empty-body POST requests (required for Digest auth handshake), KoboCollect began failing anonymous submissions. KoboCollect performs an initial HEAD request to/<username>/submissionto probe server availability. Because the guard ran before the HEAD handler, this probe was incorrectly treated as unauthenticated, returning 401. KoboCollect interprets a 401 on HEAD as "credentials required" and therefore never sends the actual XML payload, showing the login screen instead.Enketo continued to work because it tolerates a 401 on the first probe, but KoboCollect does not.
👀 Preview steps
KoboCollectAndroid App to use this project. (Follow this#Kobo Dev > Tools, tips and tricks @ 💬 if you are unsure how to connect KoboCollect with your local setup.)http://<your-ip>/username)and leave the username and password fields empty.