HTTP status should be 415(Unsupported Media Type) for MOVE, DELETE, COPY request with body

[grgprarup]

Steps to reproduce

1. Create user uu1
2. Create a file test.txt
3. Send MOVE request for test.txt with the body using curl

curl -ks -u uu1:uu1 -XMOVE -H "DESTINATION: http://localhost/core/remote.php/webdav/test2.txt" --data "doesnotmatter"  http://localhost/core/remote.php/webdav/test.txt

curl -ks -u uu1:uu1 -XMOVE -H "DESTINATION: http://localhost/core/remote.php/dav/files/uu1/test2.txt" --data "doesnotmatter"  http://localhost/core/remote.php/dav/files/uu1/test.txt

Expected behaviour

webDAV DELETE, COPY or MOVE requests should not send a body in the request. If a body is sent, then the server is supposed to return HTTP status 415 (Unsupported Media Type):
https://datatracker.ietf.org/doc/html/rfc4918#section-8.4

In oCIS: HTTP/1.1 415 Unsupported Media Type

Actual behaviour

In oC10: HTTP/1.1 403 Forbidden
https://drone.owncloud.com/owncloud/core/36451/51/13#:~:text=Scenario%3A%20send%20MOVE%20requests%20to%20webDav%20endpoints%20with,470

Server configuration

Operating system: Ubuntu 20.04 LTS

[phil-davis]

Note: oCIS correctly returns status 415 for this case.

Someone needs to decide if oC10 should be adjusted to also return status 415 or keep the existing behavior, which ignores the content in the body, and does the MOVE, DELETE or COPY.