CSRF check failed when trying to share files

Hello,

After much googling and much testing. I determined that my configuration has all of the correct Apache settings. I check required modules and PHP extensions etc.

I was still stuck with CSRF check failed on desktop clients when trying to share folders or files.

I read here that it seems like Apache was not passing the headers correctly. However, all of the setting were in place to allow for headers to pass so why would they not pass??

They were not passing due to how the .htaccess files was using if statements to logically apply specific header setting based on available modules. This is fine for base installations. However, on cPanel many of these module while installed and functioning do not present correctly in the .htaccess logic.

in htaccess file after the last /IfModule
“#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####”

I copied the this:
SetEnvIfNoCase ^Authorization$ “(.+)” XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION

from the IfModule mod_fcgid.c section and pasted it into to the area below the “#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####” line.

Now it works. I’m no longer receiving the CSRF check failure.

I’m thinking this fix is unique to cPanel servers and may even be unique to my cpanel server.

Hope this helps some else here.

3 Likes