CSRF check failed when trying to share files

After updating the core from 10.5.0 to 10.6.0 the sharing feature in the macOS and iOS app does not work anymore.

When using the web interface, sharing works as expected.

Expected behaviour

Right-click on a file in my ownCloud folder -> copy public link -> paste the link in the browser -> file can be downloaded.

Actual behaviour

Right-click on a file in my ownCloud folder -> copy public link -> the window with the sharing options opens, displaying “CSRF check failed” in red. All options for creating shares are greyed out.

The iOS app displays the same message when trying to create a public link to a file.

Steps to reproduce

As described above.

Server configuration

Operating system: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux

Web server: Apache

Database: MySQL 5.5

PHP version: 7.4

ownCloud version: 10.6.0

Storage backend (external storage): none

Client configuration

Client version: Desktop: 2.7.4 (build 2934)
iOS: 11.4.5 build 182

Operating system: MacOS 10.14.6; MacOS 11.1; iOS 14.2

OS language: German

Installation path of client:
/Applications/

Logs

  1. Client logfile: Output of owncloud --logwindow or owncloud --logfile log.txt
    01-11 10:14:57:710 [ warning gui.sharing.ocs ]: Reply to “GET” QUrl(“https://(urlDELETEDforPRIVACY)/ocs/v1.php/apps/files_sharing/api/v1/shares”) (QPair(“path”,"/Bildschirmfoto 2021-01-03 um 12.50.59.png"), QPair(“reshares”,“true”)) has unexpected status code: 996 “{“ocs”:{“meta”:{“status”:“failure”,“statuscode”:996,“message”:“CSRF check failed”,“totalitems”:”",“itemsperpage”:""},“data”:[]}}"
    01-11 10:14:57:710 [ warning gui.socketapi.publiclink ]: Share fetch/create error 996 “CSRF check failed”

  2. Web server error log:
    (IP-ADRESS-DELETED) - - [11/Jan/2021:10:14:57 +0100] “GET /ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2FBildschirmfoto%202021-01-03%20um%2012.50.59.png&reshares=true&format=json HTTP/1.1” 200 128 (urlDELETEDforPRIVACY) “-” “Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)” “-”
    (IP-ADRESS-DELETED) - - [11/Jan/2021:10:14:57 +0100] “GET /index.php/apps/files/api/v1/thumbnail/150/150//Bildschirmfoto%202021-01-03%20um%2012.50.59.png HTTP/1.1” 200 16667 (urlDELETEDforPRIVACY) “-” “Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)” “-”
    (IP-ADRESS-DELETED) - - [11/Jan/2021:10:14:58 +0100] “PROPFIND /remote.php/dav/files/octestuser/Bildschirmfoto%202021-01-03%20um%2012.50.59.png HTTP/1.1” 207 548 (urlDELETEDforPRIVACY) “-” “Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)” “-”
    (IP-ADRESS-DELETED) - - [11/Jan/2021:10:14:58 +0100] “GET /ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2FBildschirmfoto%202021-01-03%20um%2012.50.59.png&reshares=true&format=json HTTP/1.1” 200 128 (urlDELETEDforPRIVACY) “-” “Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)” “-”
    (IP-ADRESS-DELETED) - - [11/Jan/2021:10:14:58 +0100] “GET /ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2FBildschirmfoto%202021-01-03%20um%2012.50.59.png&reshares=true&format=json HTTP/1.1” 200 128 (urlDELETEDforPRIVACY) “-” “Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)” “-”

  3. Server logfile: ownCloud log (data/owncloud.log):
    Can’t find unusual messages.

I wasn’t able to reproduce with the 11.4.5 iOS app and 10.6.0 demo.owncloud.com (test:test)

Maybe difficult to investigate without knowing the exact IONOS setup.

Thanks for the reply. If you are interested, I can create a test account for you on my server.

Hello, I have the same error in my system after updating to version 10.6.0 and it also works correctly when accessing from the web interface. I appreciate your help in case of solving it.


Hi @mackerl,

I’m also struggling to reproduce your issue with my local setup.
Could you show me the client log with the requests included?

Also which authentication method are you using? Do you have the oauth2 ownCloud app or any other ownCloud app installed?


Hi @corby, thank you!

It is a pretty standard installation of ownCloud; I have run it since version 8, I think. No oauth2 app is used.
Installed apps are:

Admin Config Report 0.2.0
Deleted files 0.9.1
Federation 0.1.0
Provisioning API 0.5.0
Share Files 0.14.0
Update notification 0.2.1
Versions 1.3.0
Activity 2.6.0
Collaborative tags 0.3.0
Comments 0.3.0
Contacts 1.5.5
First run wizard 1.2.0
Gallery 16.1.1
Mail Template Editor 0.4.0
Market 0.6.0
Media Viewer 1.0.3
Notifications 0.5.2
PDF Viewer 0.11.2
Text Editor 2.3.0

I use the standard username/password authentication. Everything works fine via the browser. The problem is only with the client apps on Mac and iOS. This is the most recent log of the client, when I tried to share a file:

01-13 15:22:08:076 [ info gui.folder.manager ]:	<========== Sync finished for folder [ownCloud] of account [martin.privat@REMOVED-URL-FOR-PRIVACY] with remote [https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/]
01-13 15:22:08:179 [ warning default ]:	QString::arg: 2 argument(s) missing in <p>Version %1. Weitere Informationen unter <a href="%3">https://%4</a></p><p>Für bekannte Fehler und die Hilfe, besuchen Sie bitte: <a href="https://central.owncloud.org/c/desktop-client">https://central.owncloud.org</a></p><p><small>Von Klaas Freitag, Daniel Molkentin, Olivier Goffart, Markus Götz, Jan-Christoph Borchardt,  Thomas Müller, Dominik Schmidt, Michael Stingl, Hannah von Reth und anderen.</small></p><p>Copyright ownCloud GmbH</p><p>Lizenziert unter den Bedingungen der GNU General Public License (GPL) Version 2.0.<br/>%5 und das %5 Logo sind eingetragene Warenzeichen von %4 in den USA, anderen Ländern, oder beidem.</p>
01-13 15:22:12:085 [ info gui.socketapi ]:	Received SocketAPI message <-- "GET_MENU_ITEMS:/Users/martin/ownCloud/file-to-be-shared.png" from SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:085 [ info gui.socketapi ]:	Sending SocketAPI message --> "GET_MENU_ITEMS:BEGIN" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:085 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 15:22:12:085 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 15:22:12:085 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 15:22:12:085 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 15:22:12:085 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:SHARE::Teilen…" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:086 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:COPY_PUBLIC_LINK::Öffentlichen Link in die Zwischenablage kopieren" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:086 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:COPY_PRIVATE_LINK::Privater Link in die Zwischenablage kopiert" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:086 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:OPEN_PRIVATE_LINK::Im Browser öffnen" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:086 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:OPEN_PRIVATE_LINK_VERSIONS::Zeige Dateiversionen im Browser" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:12:086 [ info gui.socketapi ]:	Sending SocketAPI message --> "GET_MENU_ITEMS:END" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:14:620 [ info gui.socketapi ]:	Received SocketAPI message <-- "SHARE:/Users/martin/ownCloud/file-to-be-shared.png" from SocketApiSocket(0x600001bd5f80)
01-13 15:22:14:620 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 15:22:14:621 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 15:22:14:621 [ info gui.socketapi ]:	Sending SocketAPI message --> "SHARE:OK:/Users/martin/ownCloud/file-to-be-shared.png" to SocketApiSocket(0x600001bd5f80)
01-13 15:22:14:621 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 15:22:14:621 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 15:22:14:623 [ info gui.application ]:	Opening share dialog "/file-to-be-shared.png" "/Users/martin/ownCloud/file-to-be-shared.png" QFlags(0x1|0x2|0x4|0x8|0x10)
01-13 15:22:14:629 [ info sync.accessmanager ]:	2 "" "https://REMOVED-URL-FOR-PRIVACY/index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png" has X-Request-ID "29b37518-0196-4dfa-aada-872c8714e6d4"
01-13 15:22:14:629 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png") requests: (QNetworkCookie("oc_sessionPassphrase=lRWY0WFBOhkIH6Oct5xGh0%2FCvk3R79KcESQE2LTop8RYTOv2qTrI8CzICqlD1Mggt229rE0l7zgfDVi%2Bl%2BCUblzMn9qrxsd3HvBoXfVvjGbqtSxjqBAh0QWxh0ebaxB3; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=eecbbc52602f5f8a69243ccdc5fd1279; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 15:22:14:629 [ info sync.networkjob ]:	OCC::ThumbnailJob created for "https://REMOVED-URL-FOR-PRIVACY" + "index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png" "OCC::ShareDialog"
01-13 15:22:14:630 [ info sync.accessmanager ]:	6 "PROPFIND" "https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png" has X-Request-ID "e41b8310-39dc-4bf6-a398-f7630ae0bc14"
01-13 15:22:14:630 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png") requests: (QNetworkCookie("oc_sessionPassphrase=lRWY0WFBOhkIH6Oct5xGh0%2FCvk3R79KcESQE2LTop8RYTOv2qTrI8CzICqlD1Mggt229rE0l7zgfDVi%2Bl%2BCUblzMn9qrxsd3HvBoXfVvjGbqtSxjqBAh0QWxh0ebaxB3; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=eecbbc52602f5f8a69243ccdc5fd1279; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 15:22:14:630 [ info sync.networkjob ]:	OCC::PropfindJob created for "https://REMOVED-URL-FOR-PRIVACY" + "/file-to-be-shared.png" ""
01-13 15:22:15:027 [ warning default ]:	setActivationPolicy 0 failed
01-13 15:22:15:057 [ debug gui.account.state ]	[ OCC::AccountState::checkConnectivity ]:	"martin.privat@REMOVED-URL-FOR-PRIVACY" The last ETag check succeeded within the last  30  secs. No connection check needed!
01-13 15:22:16:367 [ info sync.networkjob.propfind ]:	PROPFIND of QUrl("https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png") FINISHED WITH STATUS "OK"
01-13 15:22:16:367 [ info gui.sharing ]:	Received sharing permissions for "/file-to-be-shared.png" QFlags(0x1|0x2|0x10)
01-13 15:22:16:367 [ info gui.sharing ]:	Received private link url for "/file-to-be-shared.png" "https://REMOVED-URL-FOR-PRIVACY/index.php/f/112033"
01-13 15:22:16:379 [ info sync.accessmanager ]:	6 "GET" "https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json" has X-Request-ID "87e33d9b-5b7a-48dd-be0c-b2d9385f755c"
01-13 15:22:16:379 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json") requests: (QNetworkCookie("oc_sessionPassphrase=lRWY0WFBOhkIH6Oct5xGh0%2FCvk3R79KcESQE2LTop8RYTOv2qTrI8CzICqlD1Mggt229rE0l7zgfDVi%2Bl%2BCUblzMn9qrxsd3HvBoXfVvjGbqtSxjqBAh0QWxh0ebaxB3; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=eecbbc52602f5f8a69243ccdc5fd1279; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 15:22:16:379 [ info sync.networkjob ]:	OCC::OcsShareJob created for "https://REMOVED-URL-FOR-PRIVACY" + "ocs/v1.php/apps/files_sharing/api/v1/shares" ""
01-13 15:22:16:390 [ info sync.accessmanager ]:	6 "GET" "https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json" has X-Request-ID "2abf00f6-d6f3-414f-918d-4b1ad7ebddc5"
01-13 15:22:16:390 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json") requests: (QNetworkCookie("oc_sessionPassphrase=lRWY0WFBOhkIH6Oct5xGh0%2FCvk3R79KcESQE2LTop8RYTOv2qTrI8CzICqlD1Mggt229rE0l7zgfDVi%2Bl%2BCUblzMn9qrxsd3HvBoXfVvjGbqtSxjqBAh0QWxh0ebaxB3; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=eecbbc52602f5f8a69243ccdc5fd1279; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 15:22:16:390 [ info sync.networkjob ]:	OCC::OcsShareJob created for "https://REMOVED-URL-FOR-PRIVACY" + "ocs/v1.php/apps/files_sharing/api/v1/shares" ""
01-13 15:22:16:390 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::PropfindJob finished for "/file-to-be-shared.png"
01-13 15:22:16:391 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::ThumbnailJob finished for "index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png"
01-13 15:22:17:015 [ warning gui.sharing.ocs ]:	Reply to "GET" QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares") (QPair("path","/file-to-be-shared.png"), QPair("reshares","true")) has unexpected status code: 996 "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}"
01-13 15:22:17:015 [ warning gui.sharing ]:	Sharing error from server 996 "CSRF check failed"
01-13 15:22:17:016 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::OcsShareJob finished for "ocs/v1.php/apps/files_sharing/api/v1/shares"
01-13 15:22:17:085 [ warning gui.sharing.ocs ]:	Reply to "GET" QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares") (QPair("path","/file-to-be-shared.png"), QPair("reshares","true")) has unexpected status code: 996 "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}"
01-13 15:22:17:085 [ warning gui.sharing ]:	Error from server 996 "CSRF check failed"
01-13 15:22:17:085 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::OcsShareJob finished for "ocs/v1.php/apps/files_sharing/api/v1/shares"

Ok no oauth2, that narrows it down.
What I wanted to check isn’t included in the logs but you can do that yourself.
You have to include the http requests in your log. To do that open the ownCloud Client and press F12. Then check the option Log Http traffic.

Then do the sharing stuff again and check the logs.
There should be logs from sync.httplogger. Check if your requests contain basic auth headers.
Example:
01-13 13:54:17:185 [ info sync.httplogger ]: “d47353e0-8dc4-408a-974d-8e6c8093f1cd: Request: POST http://localhost:8080/ocs/v1.php/apps/files_sharing/api/v1/shares?format=json Header: { Ocs-APIREQUEST: true, Content-Type: application/x-www-form-urlencoded, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Linux) mirall/2.7.4 (ownCloud, arch-5.10.6-arch1-1 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: /, X-Request-ID: d47353e0-8dc4-408a-974d-8e6c8093f1cd, Content-Length: 83, Cookie: oc_sessionPassphrase=redacted ocmokzbj5kw4=redacted, } Data: [path=%2F2020-10-23-100802_672x191_scrot.png&shareType=3&name=Context%20menu%20share]”

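The check described in the reply above (does each logged request carry a Basic `Authorization` header?) can be run mechanically over a `sync.httplogger` log and paired with the OCS status the server returned. This is an added example, not part of the original thread or of ownCloud's code; the sample lines, host name, request IDs and the `ocinstanceid` cookie name are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the sync.httplogger format shown in this thread.
# Host, request IDs and cookie names/values are placeholders, not real data.
SAMPLE_LOG = r'''
01-13 17:34:04:742 [ info sync.httplogger ]: "11111111-aaaa-4aaa-8aaa-111111111111: Request: GET https://cloud.example.test/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile.png&reshares=true&format=json Header: { Ocs-APIREQUEST: true, Content-Type: application/x-www-form-urlencoded, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 11111111-aaaa-4aaa-8aaa-111111111111, Content-Length: 0, Cookie: oc_sessionPassphrase=PLACEHOLDER; ocinstanceid=PLACEHOLDER, } Data: []"
01-13 17:34:05:151 [ info sync.httplogger ]: "11111111-aaaa-4aaa-8aaa-111111111111: Response: GET 200 https://cloud.example.test/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile.png&reshares=true&format=json Header: { Content-Type: application/json; charset=utf-8, Content-Length: 128, Date: Wed, 13 Jan 2021 16:34:04 GMT, Server: Apache, } Data: [{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}]"
01-13 17:34:05:151 [ warning gui.sharing.ocs ]: not an httplogger line, skipped by the parser
01-13 17:34:05:152 [ info sync.httplogger ]: "22222222-bbbb-4bbb-8bbb-222222222222: Request: PROPFIND https://cloud.example.test/remote.php/dav/files/user/file.png Header: { Depth: 0, Authorization: Basic [redacted], Accept: */*, X-Request-ID: 22222222-bbbb-4bbb-8bbb-222222222222, Cookie: oc_sessionPassphrase=PLACEHOLDER; ocinstanceid=PLACEHOLDER, } Data: [<?xml version=\"1.0\" ?>\n<d:propfind xmlns:d=\"DAV:\"/>\n]"
01-13 17:34:06:173 [ info sync.httplogger ]: "22222222-bbbb-4bbb-8bbb-222222222222: Response: PROPFIND 207 https://cloud.example.test/remote.php/dav/files/user/file.png Header: { Content-Type: application/xml; charset=utf-8, Server: Apache, } Data: [<?xml version=\"1.0\"?>\n<d:multistatus xmlns:d=\"DAV:\"></d:multistatus>\n]"
01-13 17:34:06:200 [ info sync.httplogger ]: "33333333-cccc-4ccc-8ccc-333333333333: Request: GET https://cloud.example.test/index.php/apps/files/api/v1/thumbnail/150/150//file.png Header: { Accept: */*, X-Request-ID: 33333333-cccc-4ccc-8ccc-333333333333, Cookie: oc_sessionPassphrase=PLACEHOLDER, } Data: []"
'''

# One httplogger entry: "<id>: Request|Response: METHOD [STATUS] URL Header: { ... } Data: [...]"
LINE_RE = re.compile(
    r'\[ info sync\.httplogger \]:\s*"(?P<rid>[0-9a-f-]+): (?P<kind>Request|Response): '
    r'(?P<method>[A-Z]+) (?:(?P<http>\d{3}) )?(?P<url>\S+) '
    r'Header: \{ (?P<headers>.*?) \} Data: \[(?P<data>.*)\]"\s*$'
)


def header(headers, name):
    """Return one header value from the flattened 'Name: value, Name: value,' text.

    Values such as User-Agent and Date contain ', ' themselves, so a value only
    ends where ', <Header-Name>: ' follows or at the end of the header text.
    """
    m = re.search(r'(?:^|, )' + re.escape(name)
                  + r': (.*?)(?=, [A-Za-z][A-Za-z0-9-]*: |,?$)', headers)
    return m.group(1) if m else None


def audit(log_text):
    """Pair requests and responses by request ID and record auth-relevant facts."""
    exchanges = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other log categories, blank lines
        ex = exchanges.setdefault(m["rid"], {
            "method": None, "path": None, "auth_scheme": None, "ocs_header": None,
            "cookies": [], "http_status": None, "ocs_status": None, "ocs_message": None})
        if m["kind"] == "Request":
            auth = header(m["headers"], "Authorization")
            cookie = header(m["headers"], "Cookie")
            ex["method"] = m["method"]
            ex["path"] = urlsplit(m["url"]).path
            ex["auth_scheme"] = auth.split()[0] if auth else None
            ex["ocs_header"] = header(m["headers"], "Ocs-APIREQUEST")
            # Cookie names only; recorded for context, values are never kept.
            ex["cookies"] = [c.split("=", 1)[0].strip() for c in cookie.split(";")] if cookie else []
        else:
            ex["http_status"] = int(m["http"])
            # The OCS result sits in the (escaped) JSON body, not the HTTP status.
            code = re.search(r'statuscode\\*"\s*:\s*(\d+)', m["data"])
            msg = re.search(r'message\\*"\s*:\s*\\*"(.*?)\\*"', m["data"])
            ex["ocs_status"] = int(code.group(1)) if code else None
            ex["ocs_message"] = msg.group(1) if msg else None
    return exchanges


def csrf_failures(exchanges):
    """Request IDs whose OCS body carries status code 996, the code seen in this thread."""
    return [rid for rid, ex in exchanges.items() if ex["ocs_status"] == 996]


if __name__ == "__main__":
    for rid, ex in audit(SAMPLE_LOG).items():
        print(rid[:8], ex["method"], ex["path"], "auth=%s" % ex["auth_scheme"],
              "cookies=%s" % ex["cookies"], "http=%s" % ex["http_status"],
              "ocs=%s %s" % (ex["ocs_status"], ex["ocs_message"]))
```

Note that the HTTP status of the failing exchange is 200; only the OCS body distinguishes it, which is why the web server access log alone does not show the failure.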

This is the log with http traffic:

01-13 17:33:59:643 [ info gui.folder ]:	Trying to check "https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/" for changes via ETag check. (time since last sync: 173 s)
01-13 17:33:59:643 [ debug gui.folder.manager ]	[ OCC::FolderMan::slotRunOneEtagJob ]:	Scheduling "https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/" to check remote ETag
01-13 17:33:59:643 [ info sync.accessmanager ]:	6 "PROPFIND" "https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/" has X-Request-ID "89cfad4d-87d6-4f49-a35a-c2ef5a22c954"
01-13 17:33:59:643 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/") requests: (QNetworkCookie("oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 17:33:59:643 [ info sync.httplogger ]:	"89cfad4d-87d6-4f49-a35a-c2ef5a22c954: Request: PROPFIND https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/ Header: { Depth: 0, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, Content-Type: text/xml; charset=utf-8, X-Request-ID: 89cfad4d-87d6-4f49-a35a-c2ef5a22c954, Content-Length: 105, Cookie: oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb, } Data: [<?xml version=\"1.0\" ?>\n<d:propfind xmlns:d=\"DAV:\">\n  <d:prop>\n    <d:getetag/>\n  </d:prop>\n</d:propfind>\n]"
01-13 17:33:59:644 [ info sync.networkjob ]:	OCC::RequestEtagJob created for "https://REMOVED-URL-FOR-PRIVACY" + "/" "OCC::Folder"
01-13 17:34:00:132 [ info sync.httplogger ]:	"89cfad4d-87d6-4f49-a35a-c2ef5a22c954: Response: PROPFIND 207 https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/ Header: { Content-Type: application/xml; charset=utf-8, Transfer-Encoding: chunked, Connection: keep-alive, Keep-Alive: timeout=15, Date: Wed, 13 Jan 2021 16:33:59 GMT, Server: Apache, X-Powered-By: PHP/7.4.14, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Cache-Control: no-store, no-cache, must-revalidate, Pragma: no-cache, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Content-Security-Policy: default-src 'none';, Vary: Brief,Prefer, DAV: 1, 3, extended-mkcol, 2, } Data: [<?xml version=\"1.0\"?>\n<d:multistatus xmlns:d=\"DAV:\" xmlns:s=\"http://sabredav.org/ns\" xmlns:oc=\"http://owncloud.org/ns\"><d:response><d:href>/remote.php/dav/files/martin.privat/</d:href><d:propstat><d:prop><d:getetag>&quot;9cae2c6972489b9cc67f42a06b48d3d5&quot;</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>\n]"
01-13 17:34:00:132 [ info sync.networkjob.etag ]:	Request Etag of QUrl("https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/") FINISHED WITH STATUS "OK"
01-13 17:34:00:133 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::RequestEtagJob finished for "/"
01-13 17:34:00:618 [ info gui.socketapi ]:	Received SocketAPI message <-- "GET_MENU_ITEMS:/Users/martin/ownCloud/file-to-be-shared.png" from SocketApiSocket(0x600002650bc0)
01-13 17:34:00:618 [ info gui.socketapi ]:	Sending SocketAPI message --> "GET_MENU_ITEMS:BEGIN" to SocketApiSocket(0x600002650bc0)
01-13 17:34:00:618 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 17:34:00:618 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 17:34:00:618 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 17:34:00:618 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 17:34:00:618 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:SHARE::Teilen…" to SocketApiSocket(0x600002650bc0)
01-13 17:34:00:619 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:COPY_PUBLIC_LINK::Öffentlichen Link in die Zwischenablage kopieren" to SocketApiSocket(0x600002650bc0)
01-13 17:34:00:619 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:COPY_PRIVATE_LINK::Privater Link in die Zwischenablage kopiert" to SocketApiSocket(0x600002650bc0)
01-13 17:34:00:620 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:OPEN_PRIVATE_LINK::Im Browser öffnen" to SocketApiSocket(0x600002650bc0)
01-13 17:34:00:620 [ info gui.socketapi ]:	Sending SocketAPI message --> "MENU_ITEM:OPEN_PRIVATE_LINK_VERSIONS::Zeige Dateiversionen im Browser" to SocketApiSocket(0x600002650bc0)
01-13 17:34:00:620 [ info gui.socketapi ]:	Sending SocketAPI message --> "GET_MENU_ITEMS:END" to SocketApiSocket(0x600002650bc0)
01-13 17:34:02:143 [ warning default ]:	QString::arg: 2 argument(s) missing in <p>Version %1. Weitere Informationen unter <a href="%3">https://%4</a></p><p>Für bekannte Fehler und die Hilfe, besuchen Sie bitte: <a href="https://central.owncloud.org/c/desktop-client">https://central.owncloud.org</a></p><p><small>Von Klaas Freitag, Daniel Molkentin, Olivier Goffart, Markus Götz, Jan-Christoph Borchardt,  Thomas Müller, Dominik Schmidt, Michael Stingl, Hannah von Reth und anderen.</small></p><p>Copyright ownCloud GmbH</p><p>Lizenziert unter den Bedingungen der GNU General Public License (GPL) Version 2.0.<br/>%5 und das %5 Logo sind eingetragene Warenzeichen von %4 in den USA, anderen Ländern, oder beidem.</p>
01-13 17:34:04:742 [ info gui.socketapi ]:	Received SocketAPI message <-- "COPY_PUBLIC_LINK:/Users/martin/ownCloud/file-to-be-shared.png" from SocketApiSocket(0x600002650bc0)
01-13 17:34:04:742 [ debug gui.socketapi.publiclink ]	[ OCC::GetOrCreatePublicLinkShare::run ]:	Fetching shares
01-13 17:34:04:742 [ info sync.accessmanager ]:	6 "GET" "https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json" has X-Request-ID "89b35df2-b44e-4627-84fa-dc3a9f02ee14"
01-13 17:34:04:742 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json") requests: (QNetworkCookie("oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 17:34:04:742 [ info sync.httplogger ]:	"89b35df2-b44e-4627-84fa-dc3a9f02ee14: Request: GET https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json Header: { Ocs-APIREQUEST: true, Content-Type: application/x-www-form-urlencoded, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 89b35df2-b44e-4627-84fa-dc3a9f02ee14, Content-Length: 0, Cookie: oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb, } Data: []"
01-13 17:34:04:743 [ info sync.networkjob ]:	OCC::OcsShareJob created for "https://REMOVED-URL-FOR-PRIVACY" + "ocs/v1.php/apps/files_sharing/api/v1/shares" ""
01-13 17:34:05:151 [ info sync.httplogger ]:	"89b35df2-b44e-4627-84fa-dc3a9f02ee14: Response: GET 200 https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json Header: { Content-Type: application/json; charset=utf-8, Content-Length: 128, Connection: keep-alive, Keep-Alive: timeout=15, Date: Wed, 13 Jan 2021 16:34:04 GMT, Server: Apache, X-Powered-By: PHP/7.4.14, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Pragma: no-cache, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Cache-Control: no-cache, no-store, must-revalidate, Content-Security-Policy: default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self', } Data: [{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}]"
01-13 17:34:05:151 [ warning gui.sharing.ocs ]:	Reply to "GET" QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares") (QPair("path","/file-to-be-shared.png"), QPair("reshares","true")) has unexpected status code: 996 "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}"
01-13 17:34:05:151 [ warning gui.socketapi.publiclink ]:	Share fetch/create error 996 "CSRF check failed"
01-13 17:34:05:151 [ debug sync.database.sql ]	[ OCC::SqlQuery::bindValue ]:	SQL bind 1 4733511307310152863
01-13 17:34:05:151 [ debug sync.database.sql ]	[ OCC::SqlQuery::exec ]:	SQL exec "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE phash=?1"
01-13 17:34:05:151 [ info gui.application ]:	Opening share dialog "/file-to-be-shared.png" "/Users/martin/ownCloud/file-to-be-shared.png" QFlags(0x1|0x2|0x4|0x8|0x10)
01-13 17:34:05:152 [ info sync.accessmanager ]:	2 "" "https://REMOVED-URL-FOR-PRIVACY/index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png" has X-Request-ID "12a1a895-95f1-4bec-998a-97d9d6051bce"
01-13 17:34:05:152 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png") requests: (QNetworkCookie("oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 17:34:05:152 [ info sync.httplogger ]:	"12a1a895-95f1-4bec-998a-97d9d6051bce: Request: GET https://REMOVED-URL-FOR-PRIVACY/index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png Header: { Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 12a1a895-95f1-4bec-998a-97d9d6051bce, Cookie: oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb, } Data: []"
01-13 17:34:05:152 [ info sync.networkjob ]:	OCC::ThumbnailJob created for "https://REMOVED-URL-FOR-PRIVACY" + "index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png" "OCC::ShareDialog"
01-13 17:34:05:152 [ info sync.accessmanager ]:	6 "PROPFIND" "https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png" has X-Request-ID "df4b6da1-3171-471c-919c-04933a056366"
01-13 17:34:05:152 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png") requests: (QNetworkCookie("oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 17:34:05:152 [ info sync.httplogger ]:	"df4b6da1-3171-471c-919c-04933a056366: Request: PROPFIND https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png Header: { Depth: 0, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, Content-Type: text/xml; charset=utf-8, X-Request-ID: df4b6da1-3171-471c-919c-04933a056366, Content-Length: 261, Cookie: oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb, } Data: [<?xml version=\"1.0\" ?>\n<d:propfind xmlns:d=\"DAV:\">\n  <d:prop>\n    <share-permissions xmlns=\"http://open-collaboration-services.org/ns\" />\n    <fileid xmlns=\"http://owncloud.org/ns\" />\n    <privatelink xmlns=\"http://owncloud.org/ns\" />\n  </d:prop>\n</d:propfind>\n]"
01-13 17:34:05:153 [ info sync.networkjob ]:	OCC::PropfindJob created for "https://REMOVED-URL-FOR-PRIVACY" + "/file-to-be-shared.png" ""
01-13 17:34:05:566 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::OcsShareJob finished for "ocs/v1.php/apps/files_sharing/api/v1/shares"
01-13 17:34:05:705 [ info sync.httplogger ]:	"12a1a895-95f1-4bec-998a-97d9d6051bce: Response: GET 200 https://REMOVED-URL-FOR-PRIVACY/index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png Header: { Content-Type: image/png, Content-Length: 16667, Connection: keep-alive, Keep-Alive: timeout=15, Date: Wed, 13 Jan 2021 16:34:05 GMT, Server: Apache, X-Powered-By: PHP/7.4.14, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Pragma: no-cache, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Cache-Control: no-cache, no-store, must-revalidate, Content-Security-Policy: default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self', Content-Disposition: inline; filename=\"\", } Data: [16667 bytes of image/png data]"
01-13 17:34:05:707 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::ThumbnailJob finished for "index.php/apps/files/api/v1/thumbnail/150/150//file-to-be-shared.png"
01-13 17:34:06:173 [ info sync.httplogger ]:	"df4b6da1-3171-471c-919c-04933a056366: Response: PROPFIND 207 https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png Header: { Content-Type: application/xml; charset=utf-8, Transfer-Encoding: chunked, Connection: keep-alive, Keep-Alive: timeout=15, Date: Wed, 13 Jan 2021 16:34:05 GMT, Server: Apache, X-Powered-By: PHP/7.4.14, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Cache-Control: no-store, no-cache, must-revalidate, Pragma: no-cache, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Content-Security-Policy: default-src 'none';, Vary: Brief,Prefer, DAV: 1, 3, extended-mkcol, 2, } Data: [<?xml version=\"1.0\"?>\n<d:multistatus xmlns:d=\"DAV:\" xmlns:s=\"http://sabredav.org/ns\" xmlns:oc=\"http://owncloud.org/ns\"><d:response><d:href>/remote.php/dav/files/martin.privat/file-to-be-shared.png</d:href><d:propstat><d:prop><x1:share-permissions xmlns:x1=\"http://open-collaboration-services.org/ns\">19</x1:share-permissions><oc:fileid>112033</oc:fileid><oc:privatelink>https://REMOVED-URL-FOR-PRIVACY/index.php/f/112033</oc:privatelink></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>\n]"
01-13 17:34:06:173 [ info sync.networkjob.propfind ]:	PROPFIND of QUrl("https://REMOVED-URL-FOR-PRIVACY/remote.php/dav/files/martin.privat/file-to-be-shared.png") FINISHED WITH STATUS "OK"
01-13 17:34:06:174 [ info gui.sharing ]:	Received sharing permissions for "/file-to-be-shared.png" QFlags(0x1|0x2|0x10)
01-13 17:34:06:174 [ info gui.sharing ]:	Received private link url for "/file-to-be-shared.png" "https://REMOVED-URL-FOR-PRIVACY/index.php/f/112033"
01-13 17:34:06:177 [ info sync.accessmanager ]:	6 "GET" "https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json" has X-Request-ID "21370bf6-88cf-4a70-aa85-76b163fe20d2"
01-13 17:34:06:177 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json") requests: (QNetworkCookie("oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 17:34:06:177 [ info sync.httplogger ]:	"21370bf6-88cf-4a70-aa85-76b163fe20d2: Request: GET https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json Header: { Ocs-APIREQUEST: true, Content-Type: application/x-www-form-urlencoded, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 21370bf6-88cf-4a70-aa85-76b163fe20d2, Content-Length: 0, Cookie: oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb, } Data: []"
01-13 17:34:06:177 [ info sync.networkjob ]:	OCC::OcsShareJob created for "https://REMOVED-URL-FOR-PRIVACY" + "ocs/v1.php/apps/files_sharing/api/v1/shares" ""
01-13 17:34:06:181 [ info sync.accessmanager ]:	6 "GET" "https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json" has X-Request-ID "dc9f5b80-adaa-462d-a773-459bd6d72fe0"
01-13 17:34:06:181 [ debug sync.cookiejar ]	[ OCC::CookieJar::cookiesForUrl ]:	QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json") requests: (QNetworkCookie("oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"), QNetworkCookie("oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb; secure; HttpOnly; domain=REMOVED-URL-FOR-PRIVACY; path=/"))
01-13 17:34:06:181 [ info sync.httplogger ]:	"dc9f5b80-adaa-462d-a773-459bd6d72fe0: Request: GET https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json Header: { Ocs-APIREQUEST: true, Content-Type: application/x-www-form-urlencoded, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (build 2934) (ownCloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: dc9f5b80-adaa-462d-a773-459bd6d72fe0, Content-Length: 0, Cookie: oc_sessionPassphrase=o6rFY2MFzIpScIZNDyj%2FEvYy0zLW16SI1xeO%2B%2Fb8qkFg6BALYf3e0xmGxFS8ntkDDotuwNoVDwjuK3GxaENqMvdvQXwhKbv6BjkMqoRjwgIRJYFR3uAjbMt5UJ1nwrgM; oc26woi8wlh2=2f20e0e9968c27437485bfe65ea692eb, } Data: []"
01-13 17:34:06:181 [ info sync.networkjob ]:	OCC::OcsShareJob created for "https://REMOVED-URL-FOR-PRIVACY" + "ocs/v1.php/apps/files_sharing/api/v1/shares" ""
01-13 17:34:06:183 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::PropfindJob finished for "/file-to-be-shared.png"
01-13 17:34:06:515 [ info sync.httplogger ]:	"dc9f5b80-adaa-462d-a773-459bd6d72fe0: Response: GET 200 https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json Header: { Content-Type: application/json; charset=utf-8, Content-Length: 128, Connection: keep-alive, Keep-Alive: timeout=15, Date: Wed, 13 Jan 2021 16:34:06 GMT, Server: Apache, X-Powered-By: PHP/7.4.14, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Pragma: no-cache, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Cache-Control: no-cache, no-store, must-revalidate, Content-Security-Policy: default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self', } Data: [{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}]"
01-13 17:34:06:515 [ warning gui.sharing.ocs ]:	Reply to "GET" QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares") (QPair("path","/file-to-be-shared.png"), QPair("reshares","true")) has unexpected status code: 996 "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}"
01-13 17:34:06:515 [ warning gui.sharing ]:	Error from server 996 "CSRF check failed"
01-13 17:34:06:516 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::OcsShareJob finished for "ocs/v1.php/apps/files_sharing/api/v1/shares"
01-13 17:34:06:642 [ debug gui.account.state ]	[ OCC::AccountState::checkConnectivity ]:	"martin.privat@REMOVED-URL-FOR-PRIVACY" The last ETag check succeeded within the last  30  secs. No connection check needed!
01-13 17:34:06:675 [ info sync.httplogger ]:	"21370bf6-88cf-4a70-aa85-76b163fe20d2: Response: GET 200 https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json Header: { Content-Type: application/json; charset=utf-8, Content-Length: 128, Connection: keep-alive, Keep-Alive: timeout=15, Date: Wed, 13 Jan 2021 16:34:06 GMT, Server: Apache, X-Powered-By: PHP/7.4.14, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Pragma: no-cache, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Cache-Control: no-cache, no-store, must-revalidate, Content-Security-Policy: default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self', } Data: [{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}]"
01-13 17:34:06:675 [ warning gui.sharing.ocs ]:	Reply to "GET" QUrl("https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares") (QPair("path","/file-to-be-shared.png"), QPair("reshares","true")) has unexpected status code: 996 "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\",\"totalitems\":\"\",\"itemsperpage\":\"\"},\"data\":[]}}"
01-13 17:34:06:675 [ warning gui.sharing ]:	Sharing error from server 996 "CSRF check failed"
01-13 17:34:06:675 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job OCC::OcsShareJob finished for "ocs/v1.php/apps/files_sharing/api/v1/shares"
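In the log above the failure is visible only in the response body: the server answers HTTP 200 while the OCS envelope carries statuscode 996. The following added example (not part of the original post or of the ownCloud client) pairs httplogger requests and responses by request ID and reports OCS failures that arrive with a 200, along with whether the request carried `Ocs-APIREQUEST` and `Authorization`. The sample log lines, the host `cloud.example` and the function names are constructed for illustration.

```python
import json
import re

# One httplogger entry: "<request-id>: Request|Response: METHOD [status] URL Header: { ... } Data: [...]"
LINE = re.compile(
    r'"(?P<rid>[0-9a-f-]{36}): (?P<kind>Request|Response): (?P<method>[A-Z]+) '
    r'(?:(?P<http>\d{3}) )?(?P<url>\S+) Header: \{ (?P<hdr>.*?) \} Data: \[(?P<data>.*)\]"\s*$'
)

def has_header(hdr, name):
    # Values such as User-Agent contain ", ", so match the name at a header boundary.
    return re.search(r'(?:^|, )' + re.escape(name) + r': ', hdr, re.I) is not None

def triage(log_text):
    """Return OCS failures found in responses, joined with facts about their request."""
    requests, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or '/ocs/' not in m['url']:
            continue
        if m['kind'] == 'Request':
            requests[m['rid']] = m['hdr']
            continue
        try:
            # The logger escapes quotes inside Data: [...]; undo that before parsing.
            meta = json.loads(m['data'].replace('\\"', '"'))['ocs']['meta']
        except (ValueError, KeyError, TypeError):
            continue  # body is not an OCS JSON envelope
        if meta.get('status') == 'ok':
            continue
        req_hdr = requests.get(m['rid'], '')
        findings.append({
            'request_id': m['rid'],
            'http_status': int(m['http']),
            'ocs_statuscode': meta.get('statuscode'),
            'message': meta.get('message'),
            'sent_ocs_header': has_header(req_hdr, 'Ocs-APIREQUEST'),
            'sent_authorization': has_header(req_hdr, 'Authorization'),
        })
    return findings

# Constructed sample in the format of the client log (headers shortened).
SAMPLE_LOG = r'''
01-13 17:34:06:177 [ info sync.httplogger ]: "11111111-1111-4111-8111-111111111111: Request: GET https://cloud.example/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Fa.png&format=json Header: { Ocs-APIREQUEST: true, Authorization: Basic [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/2.7.4 (ownCloud, osx-18.7.0), } Data: []"
01-13 17:34:06:515 [ info sync.httplogger ]: "11111111-1111-4111-8111-111111111111: Response: GET 200 https://cloud.example/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Fa.png&format=json Header: { Content-Type: application/json; charset=utf-8, Server: Apache, } Data: [{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":996,\"message\":\"CSRF check failed\"},\"data\":[]}}]"
01-13 17:34:07:000 [ info sync.httplogger ]: "22222222-2222-4222-8222-222222222222: Response: GET 200 https://cloud.example/ocs/v1.php/cloud/capabilities?format=json Header: { Content-Type: application/json; charset=utf-8, } Data: [{\"ocs\":{\"meta\":{\"status\":\"ok\",\"statuscode\":100,\"message\":\"OK\"},\"data\":[]}}]"
'''
```

A finding with `sent_ocs_header` and `sent_authorization` both true means the client did its part, so the investigation moves to what the web server passes on to PHP.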

it does

01-13 17:34:06:177 [ info sync.httplogger ]:
"21370bf6-88cf-4a70-aa85-76b163fe20d2:
Request: GET https://REMOVED-URL-FOR-PRIVACY/ocs/v1.php/apps/files_sharing/api/v1/shares?path=%2Ffile-to-be-shared.png&reshares=true&format=json
Header: { Ocs-APIREQUEST: true,
Content-Type: application/x-www-form-urlencoded,
Authorization: Basic [redacted]

This is wrong imho. Copy public link should do exactly that, copy the link so you can paste it and get to the file. It does it for me on my installation.

The sharing window is opened only when I click on share.


The sharing window is opened only when I click on share.

I don’t know why I didn’t try that yesterday but this did it for me…
Now, I can reproduce the issue and will dig into the code! Thanks! :slight_smile:


Thank you! FYI I also posted this on GitHub: https://github.com/owncloud/core/issues/38287


Solution here so you don’t have to switch to GitHub.
If you are using Apache then look if the mod_rewrite module is enabled and your virtual host has AllowOverride All configured.

This is also documented in our installation guide.

My hosting support assured me that mod_rewrite is enabled and AllowOverride All is configured.

Still I get the CSRF error - on a brand new clean install.

Could you please take another look into the changes in 10.6 that trigger this error?
Would be much appreciated.

I’m experiencing this same issue, just started recently. Also on 10.6. I can confirm mod_rewrite is enabled.

Hello,
I just upgraded to v10.6.0.5 of owncloud. Desktop sync is 2.7.5 on Big Sur 11.2.2. I did not have this CRC check fail when sharing on 10.4.x.

I just had the same issue in 10.7.0-beta2 - mod rewrite was missing in my setup.
a2enmod rewrite
and then
service apache2 restart
fixed it for me.

Mod_rewrite is enabled on my server.

root [/]# httpd -M|grep rewrite
rewrite_module (shared)
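The fix quoted in this thread names two conditions, and a module listing like the one above answers only the first. As an added example (not from the thread or from ownCloud's documentation), the check below takes the module listing and the virtual host configuration as text and reports on both. The paths, sample configuration and function names are constructed, and the AllowOverride lookup is a simplified model that ignores Include files and wildcard or regex sections.

```python
import re

def rewrite_loaded(modules_output):
    """True if `httpd -M` / `apachectl -M` output lists rewrite_module."""
    return re.search(r'^\s*rewrite_module\s+\((?:shared|static)\)', modules_output, re.M) is not None

def effective_allow_override(conf_text, target_dir):
    """AllowOverride from the most specific plain <Directory> block covering target_dir."""
    target = target_dir.rstrip('/') + '/'
    best_len, value = -1, 'None'  # httpd 2.4 default when nothing is configured
    for m in re.finditer(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', conf_text, re.S | re.I):
        path = m.group(1).rstrip('/') + '/'
        ao = re.search(r'^\s*AllowOverride\s+(.+?)\s*$', m.group(2), re.M | re.I)
        # Longer matching paths win; on a tie the later block wins.
        if ao and target.startswith(path) and len(path) >= best_len:
            best_len, value = len(path), ao.group(1)
    return value

def check(modules_output, conf_text, owncloud_dir):
    """Return a list of problems; an empty list means both conditions hold."""
    problems = []
    if not rewrite_loaded(modules_output):
        problems.append('mod_rewrite is not loaded')
    ao = effective_allow_override(conf_text, owncloud_dir)
    if ao.lower() != 'all':
        problems.append(f'AllowOverride for {owncloud_dir} is {ao!r}, not All')
    return problems

# Constructed inputs: module is loaded, but .htaccess files are ignored under /var/www/.
MODULES = "Loaded Modules:\n core_module (static)\n rewrite_module (shared)\n"
CONF_BROKEN = """
<VirtualHost *:443>
  DocumentRoot /var/www/owncloud
  <Directory /var/www/>
    AllowOverride None
  </Directory>
</VirtualHost>
"""
# Same virtual host with an explicit block for the ownCloud directory.
CONF_FIXED = CONF_BROKEN.replace("</VirtualHost>", """  <Directory "/var/www/owncloud">
    AllowOverride All
  </Directory>
</VirtualHost>""")
```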

Hey,

I have searched a little bit to see if this had been reported to the ownCloud team and found the issue which I'm linking below. There I found various posts about wrong server configurations or e.g. something called mod_security which could be responsible for your problem.