Patch Exchange Autodiscover Code for Security Issue
The change removes the unauthenticated GET fallback attempt for the
Autodiscover process. Given that the Autodiscover code is functionally broken
and this fallback attempt wouldn't succeed unless an attacker faked a success
response, a good way to patch the security issue is to disable the attempt.
The change also updates the request content type, disables automatic
redirects, and allows for parsing namespaces to help the first two attempts
succeed. As this is not meant to be a functional patch but a security patch,
there are no further changes to the Autodiscover code.
(cherry picked from commit 0e56d74af392ce548ab7f35b17585af3277257c6)
2 files changed