Search code examples
calendarhttp-status-code-403caldav

Apple iCloud CalDAV '403 Forbidden' when creating event

This is similar to 403 CalDAV error: valid-calendar-object-resource except that the trivial solution (adding the UID to the URL) was already implemented. I'm receiving '403 Forbidden' from the iCloud CalDAV server for one specific user account. I can pull the list of calendars and the events on the calendars, but can't create or modify events.

Here's a working example:

$ curl -v -X PUT -H "Content-Type:text/calendar" -u "[email protected]:zzzz-zzzz-zzzz-zzzz" --data-binary @- https://p34-caldav.icloud.com/xxxxxxxxxx/calendars/{calendarId1}/working-event-1.ics  <<EOF
> BEGIN:VCALENDAR
> VERSION:2.0
> BEGIN:VEVENT
> DTSTAMP:20180827T204058Z
> UID:working-event-1
> SUMMARY:Test
> DTSTART;TZID=America/Chicago:20180812
> DTEND;TZID=America/Chicago:20180813
> LOCATION:
> DESCRIPTION:
> LAST-MODIFIED:20180827T204058Z
> END:VEVENT
> END:VCALENDAR
> EOF
*   Trying 17.248.142.21...
* TCP_NODELAY set
* Connected to p34-caldav.icloud.com (17.248.142.21) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.icloud.com
* Server certificate: Apple IST CA 2 - G1
* Server certificate: GeoTrust Global CA
* Server auth using Basic with user '[email protected]'
> PUT /xxxxxxxxx/calendars/{calendarId1}/working-event-1.ics HTTP/1.1
> Host: p34-caldav.icloud.com
> Authorization: Basic <redacted>
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type:text/calendar
> Content-Length: 252
>
* upload completely sent off: 252 out of 252 bytes
< HTTP/1.1 201 Created
< Server: AppleHttpServer/2f080fc0
< Date: Tue, 28 Aug 2018 14:00:12 GMT
< Content-Length: 0
< Connection: keep-alive
< DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-audit, caldavserver-supports-telephone, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync
< X-Responding-Server: caldav:33400701:mr22p34ic-ztbu09061801:8001:1815B22:86058e50c4
< X-Transaction-Id: 5c2aa4be-7b79-4bd0-a6d8-39dd2ec7b4b1
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< via: icloudedge:ch41p00ic-zteu03153301:7401:18RC398:Chicago
< X-Apple-Request-UUID: 5c2aa4be-7b79-4bd0-a6d8-39dd2ec7b4b1
< access-control-expose-headers: X-Apple-Request-UUID
< access-control-expose-headers: Via
<
* Connection #0 to host p34-caldav.icloud.com left intact

I receive '201 Created' and DAV headers as expected

Here's a non-working example (a different account):

curl -v -X PUT -H "Content-Type:text/calendar" -u "[email protected]:zzzz-zzzz-zzzz-zzzz" --data-binary @- https://p53-caldav.icloud.com/yyyyyyyyy/calendars/{calendarId2}/not-working-event-1.ics  <<EOF
> BEGIN:VCALENDAR
> VERSION:2.0
> BEGIN:VEVENT
> DTSTAMP:20180827T204058Z
> UID:not-working-event-1
> SUMMARY:Test
> DTSTART;TZID=America/Chicago:20180812
> DTEND;TZID=America/Chicago:20180813
> LOCATION:
> DESCRIPTION:
> LAST-MODIFIED:20180827T204058Z
> END:VEVENT
> END:VCALENDAR
> EOF
*   Trying 17.248.142.18...
* TCP_NODELAY set
* Connected to p53-caldav.icloud.com (17.248.142.18) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.icloud.com
* Server certificate: Apple IST CA 2 - G1
* Server certificate: GeoTrust Global CA
* Server auth using Basic with user '[email protected]'
> PUT /yyyyyyyyy/calendars/{calendarId2}/not-working-event-1.ics HTTP/1.1
> Host: p53-caldav.icloud.com
> Authorization: Basic <redacted>
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type:text/calendar
> Content-Length: 256
>
* upload completely sent off: 256 out of 256 bytes
< HTTP/1.1 403 Forbidden
< Server: AppleHttpServer/2f080fc0
< Date: Tue, 28 Aug 2018 14:01:18 GMT
< Content-Length: 0
< Connection: keep-alive
< X-Apple-Jingle-Correlation-Key: S4UK6BYWHBHAHPOFOJX7APFQXU
< apple-seq: 0
< apple-tk: false
< Apple-Originating-System: UnknownOriginatingSystem
< X-Responding-Instance: caldavj:45301001:pv43p53ic-zteg03082001:8501:1815B46:de9f14897
< X-Apple-API-Version: v1
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< via: icloudedge:ch41p00ic-zteu03152101:7401:18RC398:Chicago
< X-Apple-Request-UUID: 9728af07-1638-4e03-bdc5-726ff03cb0bd
< access-control-expose-headers: X-Apple-Request-UUID
< access-control-expose-headers: Via
<
* Connection #0 to host p53-caldav.icloud.com left intact

I receive '403 Forbidden', no 'DAV' header, and a couple new headers. The user says they are able to use their iCal apps as normal, and they appear to have write access to the calendar. Any ideas?

Solution

  • Interestingly, in the last few days, this became an issue with seemingly all Apple accounts. Evidently, Apple's servers are now requiring the PRODID field on the VCALENDAR object...like so:

    BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//MyProductId//EN
BEGIN:VEVENT
DTSTAMP:20180827T204058Z
UID:not-working-event-1
SUMMARY:Test
DTSTART;TZID=America/Chicago:20180812
DTEND;TZID=America/Chicago:20180813
LOCATION:
DESCRIPTION:
LAST-MODIFIED:20180827T204058Z
END:VEVENT
END:VCALENDAR