Hi everyone.
I've found this discussion because I have the same problem, but no solution:
https://github.com/roundcube/roundcubemail/issues/5175
Using the button "download all attachments" in a mail, I have this error in my roundcube:
"REQUEST CHECK FAILED" / "CSRF validation error"
On my roundcube log I find this:
The same happen if I right click on logout button and press "open in a new window", I know this is borderline but It's the same error.
We use current version of RoundCube (1.2.3) on HTTPS <- that appear to be related to the problem
with log:
Thank you,
Alvise Nicoletti
ELAN42
These are not intended to use right-click on them. If you do this the browser does not use javascript, but follows the url which might not contain the security token in such a case. Works for me.
Right-click problem happens only with logout link.
The "download all attachments" problem happens always, so there is something wrong somewhere.
I can disclose for you login+password of a testing user to troubleshoot if you want.
Did you update from some previous version? If you didn't update the zipdownload plugin or app.js file properly, or some of them are cached by the browser in older version, that would cause such issues.
We did a fresh install of roundcube, using the latest tgz from roundcube website ...
Also, this is not a cache problem ... we already emptyed cache client-side.
What can we do ?
Do you have a Content-Security-Policy header being returned under HTTPS?
I had the same error (as this and #5175), have removed CSP header and it works. Now I need to figure out exactly what part by making it more lenient step-by-step: e.g. unsafe-inline scripts etc.
Thank you,
we checked,
but unfortunately the problem is another one.
How can we troubleshoot ? Do someone want a mail account to test this issue ?
What PHP version? This looks strange. The URL should contain _token argument, but it's not there. So, either some problem with session (which is supposed to store the token) or token generation. Are there any errors in log when you open the message?
PHP 5.6.29-0+deb8u1
As I wrote this is in my error log when I find this error:
I really would like to show you the problem giving a login+password,
we have demo users for this ...
That's something that is not possible to solve seeing the frontend. I'd need to have access to the filesystem to digg into the Roundcube code there. As I said before, this is a strange issue and I have no more clues.
Not enough info to find out what's going on here. Closing.
Hello,
I am also experiencing this issue on a server running nginx-1.15.1-1.el7_4.ngx.x86_64 and php56u-fpm-nginx-5.6.36-1.ius.centos7.noarch
However I was able to solve the issue by updating Nginx configuration from
proxy_pass $scheme://$host$request_uri$is_args;
to
proxy_pass $scheme://$host$request_uri;
Hope this help.
Thanks.
I can confirm I'm having the same issue on Ubuntu 18.04, Apache 2.4.29, and PHP 7.2.10-0ubuntu0.18.04.1.
same issue with roundcubemail-1.3.8, ubuntu 16.04, apache 2.4.18 and PHP 7.3.1-3+ubuntu16.04.1
I managed to fix this issue by installing the JavaScript dependencies as described in INSTALL:
bin/install-jsdeps.sh
Having the ability to read the install instructions is clearly an advantage...
However, is there any chance that this could be moved to the composer instructions? You could either add it as a post-installation hook or even require the respective packages?
Most helpful comment
I managed to fix this issue by installing the JavaScript dependencies as described in INSTALL:
bin/install-jsdeps.shHaving the ability to read the install instructions is clearly an advantage...
However, is there any chance that this could be moved to the composer instructions? You could either add it as a post-installation hook or even
requirethe respective packages?