CSRF check failed when trying to share files

Hello,

Thanks I checked my server and Mod_security is disabled.

Info: ModSecurity is not enabled on your server.

Not sure what to look at next.

  • Mike

Hey,

i would check the whole linked issue as i think that not only mod_security was mentioned there as a reason.

Hello,

After much googling and much testing. I determined that my configuration has all of the correct Apache settings. I check required modules and PHP extensions etc.

I was still stuck with CSRF check failed on desktop clients when trying to share folders or files.

I read here that it seems like Apache was not passing the headers correctly. However, all of the setting were in place to allow for headers to pass so why would they not pass??

They were not passing due to how the .htaccess files was using if statements to logically apply specific header setting based on available modules. This is fine for base installations. However, on cPanel many of these module while installed and functioning do not present correctly in the .htaccess logic.

in htaccess file after the last /IfModule
“#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####”

I copied the this:
SetEnvIfNoCase ^Authorization$ “(.+)” XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION

from the IfModule mod_fcgid.c section and pasted it into to the area below the “#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####” line.

Now it works. I’m no longer receiving the CSRF check failure.

I’m thinking this fix is unique to cPanel servers and may even be unique to my cpanel server.

Hope this helps some else here.

2 Likes

I can confirm, this solves the problem! Thank you! :clap:
Maybe the developers can fix this in the next release.

1 Like

Yes, or at least run this down to see why its related to the htaccess file and above changes to it.

1 Like

Are there any other ideas what could cause this? I’ve also been experiencing since the update to 10.6. I have no header changing going on in the .htaccess file. I can also confirm mod rewrite is enabled. I’m not sure what else could be causing this. No cPanel either in my case, dedicated owncloud server.