WebDAV

Web Distributed Authoring and Versioning (WebDAV) is a set of HTTP method extensions enabling clients to author, move, copy, and lock files directly on an HTTP web server. WebDAV adds methods like PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK alongside new headers and XML request/response bodies.

Table of Contents

Usage

Standard HTTP treats web servers as read-only content delivery systems. WebDAV extends this model by turning a web server into a collaborative file store. Clients create directories (collections), upload and rename files, set metadata properties, and coordinate edits through locking.

All property and collection metadata travels as XML in request and response bodies. A PROPFIND request, for example, sends an XML body specifying which properties to retrieve, and the server responds with a 207 Multi-Status XML document containing the results for each resource.

XML bodies

WebDAV methods rely on XML for structured request and response payloads. PROPFIND and PROPPATCH both send XML bodies describing the properties to read or modify, and most responses use a multistatus XML envelope.

Collections

A WebDAV collection maps to a directory in a traditional filesystem. Collections contain member resources (files) and sub-collections (subdirectories). The MKCOL method creates a new collection, and PROPFIND with a Depth: 1 header lists its immediate members.

MKCOL /projects/alpha/ HTTP/1.1
Host: dav.example.re

A successful MKCOL returns 201 Created. Retrieving the collection contents works through PROPFIND:

PROPFIND /projects/ HTTP/1.1
Host: dav.example.re
Depth: 1
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<D:propfind xmlns:D="DAV:">
  <D:prop>
    <D:displayname/>
    <D:getlastmodified/>
  </D:prop>
</D:propfind>

The server responds with a 207 Multi-Status body listing each member and its requested properties.

Methods

WebDAV defines seven additional HTTP methods.

PROPFIND

PROPFIND retrieves properties from a resource or collection. The Depth header controls scope: 0 for the resource itself, 1 for immediate children, and infinity for the entire subtree. The response is a 207 Multi-Status XML document.

PROPPATCH

PROPPATCH sets or removes properties on a resource. The request body is an XML propertyupdate element containing set and remove instructions. Multiple property changes execute as a single atomic operation.

MKCOL

MKCOL creates a new collection at the request URI. The server returns 201 Created on success. Common error responses include:

COPY

COPY duplicates a resource or collection to a location specified by the Destination header. The Depth header controls whether a collection copy includes members. The Overwrite header (default T) determines whether an existing resource at the destination is replaced.

MOVE

MOVE relocates a resource or collection to the URI in the Destination header. A MOVE on a collection always operates at infinite depth. If the destination already exists and Overwrite is F, the server returns 412 Precondition Failed.

LOCK

LOCK places a shared or exclusive lock on a resource to prevent conflicting edits. The server returns a lock token in the Lock-Token header. Locked resources return 423 Locked to unauthorized modification attempts.

UNLOCK

UNLOCK removes a lock from a resource. The request includes the lock token in the Lock-Token header. A successful unlock returns 204 No Content.

Headers

In addition to standard HTTP headers, WebDAV defines several request and response headers.

DAV

The DAV response header appears in replies to OPTIONS requests. The value lists the compliance classes the server supports. Class 1 indicates basic WebDAV support, class 2 adds locking, and class 3 signals compliance with the current specification.

DAV: 1, 2, 3

Depth

The Depth request header controls the scope of PROPFIND, COPY, LOCK, and DELETE operations on collections. Valid values are 0 (the resource only), 1 (immediate members), and infinity (the entire subtree). MOVE always operates at infinity.

Depth: 1

Destination

The Destination header specifies the target URI for COPY and MOVE operations.

Destination: https://dav.example.re/archive/report.pdf

Overwrite

The Overwrite header controls whether COPY or MOVE replaces an existing resource at the destination. T (true) allows replacement, F (false) prevents the operation and returns 412 Precondition Failed if the destination exists.

Overwrite: T

If

The If header provides conditional execution similar to If-Match, extended to support lock tokens in addition to ETags. Requests modifying locked resources include the lock token in this header.

Lock-Token

The Lock-Token header carries the token identifying a specific lock. UNLOCK requires this header to release the locked resource.

Lock-Token: <urn:uuid:a515cfa4-5da4-22e1-f5b5-00a0451e6bf7>

Timeout

The Timeout header accompanies LOCK requests to suggest a lock duration. Values take the form Second-N or Infinite.

Timeout: Second-3600

Status codes

WebDAV introduced several HTTP status codes now registered in the IANA HTTP Status Code Registry.

  • 207 Multi-Status conveys results for multiple sub-operations inside a single XML response body. PROPFIND, PROPPATCH, COPY, and MOVE all return this status.
  • 422 Unprocessable Content indicates a syntactically valid request with semantic errors the server cannot process.
  • 423 Locked signals the target resource is locked and the request did not include a valid lock token.
  • 424 Failed Dependency means the operation failed because a prior operation in the same request failed.
  • 507 Insufficient Storage reports the server lacks space to complete the operation.

Extensions

Several protocols build on WebDAV for domain-specific data.

CalDAV adds calendaring and scheduling through iCalendar-formatted resources stored in WebDAV collections. CardDAV applies the same model to vCard contact data. Apple iCloud, Google, and Fastmail all use CalDAV and CardDAV for calendar and contact synchronization.

DeltaV adds version control operations such as CHECKOUT, CHECKIN, and VERSION-CONTROL. WebDAV ACL defines access control properties and the ACL method.

Clients

WebDAV has broad native operating system support. macOS Finder mounts WebDAV shares as network volumes through the Connect to Server dialog. Windows File Explorer connects to WebDAV shares as mapped network drives. Linux file managers such as Nautilus and Dolphin support WebDAV through GVfs and KIO.

Third-party clients include Cyberduck, Mountain Duck, and various mobile file manager apps. Many cloud storage providers expose WebDAV endpoints for interoperability with these clients.

WebDAV and FTP

Both WebDAV and FTP transfer files to and from remote servers, but WebDAV operates over HTTP/HTTPS on standard ports 80 and 443. This means WebDAV traffic passes through firewalls, proxies, and load balancers without special configuration. FTP requires additional ports for data channels and often needs firewall rules for passive mode.

WebDAV uses a single TCP connection for all operations. FTP opens separate connections for each transfer, adding overhead when moving many small files.

HTTP Compression is standard for WebDAV traffic. FTP compression (Mode Z) requires explicit support and configuration on both client and server.

Takeaway

Web Distributed Authoring and Versioning (WebDAV) extends HTTP with methods for file authoring, property management, collection operations, and locking. The protocol operates over standard HTTP/HTTPS, making remote file management accessible through native OS clients and third-party tools.

See also

Last updated: March 6, 2026