Error CSRF check failed logout from web intreface All Navigator on OVH Web hosting

ocussac · August 18, 2017, 11:16am

Steps to reproduce

1.Connect to the owncloud platform via web interface
2.Disconnect session from the logout link
3.

Expected behaviour

When I click on the logout link, the session should be destroy and redirect to the authentification page

Actual behaviour

The disconnect display the error : Deny access - CSRF check failed Expected behaviour

Server configuration

Operating system: Linux OVH Shared web hosting

Web server: Apache/2.4.

Database: Mysql

PHP version: 7.0

ownCloud version: 10.0.2

Updated from an older ownCloud or fresh install: Fresh install

Where did you install ownCloud from: Php ownCloud install page on shared web hosting

Signing status (ownCloud 9.0 and above): No errors have

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here
anonymous/gist:c7b5783d5019d34151b7a2f67ed1df50

The content of config/config.php:
<?php
$CONFIG = array (
'instanceid' => 'ocouig20l6zz',
'passwordsalt' => 'hkkaeQltxvDP/A0DIb4S3dM6B6KbGL',
'secret' => 'UYlec4DTo1XylbhRD69kDr6c5DcEIoMVBK6LB+WqYn5axr1x',
'trusted_domains' => array (
0 => 'cloud.pensora.fr',
),
'datadirectory' => '/home/pensorafgn/wwwown/data',
'overwrite.cli.url' => 'https://cloud.pensora.fr',
'dbtype' => 'mysql',
'version' => '10.0.2.1',
'dbname' => '****************,
'dbhost' => '*****************',
'dbtableprefix' => 'oc_',
'dbuser' => '************',
'dbpassword' => '***************',
'logtimezone' => 'UTC',
'installed' => true,
'session_lifetime' => 60,

);

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps: none additional

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: No...

Are you using encryption: no

Are you using an external user-backend, if yes which one: No...

Client configuration

Browser: Firefox & Chrome

Operating system: Windows 8.1

Logs

Web server error log

"

78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "GET /cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "GET /index.php/avatar/Tests-OC/42 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 4885 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 4885 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:47 +0200] "GET /index.php/avatar/Tests-OC/42 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:47 +0200] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 185 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:47 +0200] "GET /index.php/avatar/Tests-OC/42 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:13 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:16 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:18 +0200] "GET /index.php/logout?requesttoken=PxU2NFZmBAAiKAh/LB0LWAV0Ny1TAiI9NQkMBSE2EjE%3D%3ATfDm1ImMigyOkWG0F1ml6GkPDeKmiQByz/BSGJTkHKs%3D HTTP/1.1" 302 295 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:18 +0200] "GET /index.php/logout?requesttoken=PxU2NFZmBAAiKAh/LB0LWAV0Ny1TAiI9NQkMBSE2EjE%253D%253ATfDm1ImMigyOkWG0F1ml6GkPDeKmiQByz/BSGJTkHKs%253D HTTP/1.1" 412 1613 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /index.php/core/js/oc.js?v=e81ad89ccd551814ed7c72139b5cf64d HTTP/1.1" 200 1147 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /core/img/background.jpg HTTP/1.1" 200 133536 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /core/img/logo-icon.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /apps/notifications/img/notifications.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:31 +0200] "GET / HTTP/1.1" 302 25 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:31 +0200] "GET /index.php/apps/files/ HTTP/1.1" 302 199 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:31 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 4767 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /index.php/core/js/oc.js?v=e81ad89ccd551814ed7c72139b5cf64d HTTP/1.1" 200 1147 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /settings/img/admin.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /settings/img/help.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /core/img/actions/logout.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /apps/files/img/app.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /apps/files/img/folder.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /settings/img/users.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /core/img/actions/search-white.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /apps/market/img/market.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"



#### ownCloud log (data/owncloud.log)

I{"reqId":"WZWxgQoUFBkAABrhehAAAAA3","level":3,"time":"2017-08-17T15:08:50+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"GET","url":"\/","message":"chmod(): No such file or directory at \/home\/pensorafgn\/wwwown\/lib\/private\/Log\/Owncloud.php#122"}
{"reqId":"WZWzfgoUFBkAABrhhFMAAAAf","level":3,"time":"2017-08-17T15:17:18+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZWzfgoUFBkAABrhhFMAAAAf","level":3,"time":"2017-08-17T15:17:18+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:51+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:51+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:52+00:00","remoteAddr":"78.231.132.89","user":"--","app":"mysql.setup","method":"POST","url":"\/index.php","message":"Specific user creation failed: An exception occurred while executing 'SELECT user FROM mysql.user WHERE user=?' with params [\"oc_Admin-cloud\"]:\n\nSQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user 'pensorafgnadmin'@'10.2.100.25' for table 'user'"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:52+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:55+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:55+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW3KwoUFBkAABrhmA4AAAAt","level":2,"time":"2017-08-17T15:33:00+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"POST","url":"\/index.php\/login?redirect_url=%252Findex.php%252Fapps%252Ffiles%252F","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaKuQoUFAsAAGqWvXQAAAAo","level":4,"time":"2017-08-18T06:35:38+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"webdav","method":"DELETE","url":"\/remote.php\/webdav\/Photos\/Squirrel.jpg","message":"Exception: {\"Message\":\"An exception occurred while executing 'INSERT INTO oc_filecache (mimepart,mimetype,mtime,size,etag,storage_mtime,permissions,checksum,path_hash,path,parent,name,storage) SELECT ?,?,?,?,?,?,?,?,?,?,?,?,? FROMoc_filecacheWHEREstorage= ? ANDpath_hash= ? HAVING COUNT(*) = 0' with params [\\\"1\\\", \\\"2\\\", 1503038138, -1, \\\"59968aba22b25\\\", 1503038138, 31, \\\"\\\", \\\"fb66dca5f27af6f15c1d1d81e6f8d28b\\\", \\\"files_trashbin\\\", 1, \\\"files_trashbin\\\", 1, 1, \\\"fb66dca5f27af6f15c1d1d81e6f8d28b\\\"]:\\n\\nSQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '1-fb66dca5f27af6f15c1d1d81e6f8d28b' for key 'fs_storage_path_hash'\",\"Exception\":\"Doctrine\\\\DBAL\\\\Exception\\\\UniqueConstraintViolationException\",\"Code\":0,\"Trace\":\"#0 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/composer\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/DBALException.php(128): Doctrine\\\\DBAL\\\\Driver\\\\AbstractMySQLDriver->convertException('An exception oc...', Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException))\\n#1 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/composer\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/Connection.php(1015): Doctrine\\\\DBAL\\\\DBALException::driverExceptionDuringQuery(Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOMySql\\\\Driver), Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException), 'INSERT INTOoc...', Array)\\n#2 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/private\\\/DB\\\/Connection.php(211): Doctrine\\\\DBAL\\\\Connection->executeUpdate('INSERT INTOoc...', Array, Array)\\n#3 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/private\\\/DB\\\/Adapter.php(113): OC\\\\DB\\\\Connection->executeUpdate('INSERT INTO`oc...', Array)\n#4 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/DB\\/Connection.php(249): OC\\DB\\Adapter->insertIfNotExist('PREFIXfilecac...', Array, Array)\n#5 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Cache.php(263): OC\\DB\\Connection->insertIfNotExist('PREFIXfilecac...', Array, Array)\n#6 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Cache.php(220): OC\\Files\\Cache\\Cache->insert('files_trashbin', Array)\n#7 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Scanner.php(266): OC\\Files\\Cache\\Cache->put('files_trashbin', Array)\n#8 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Scanner.php(206): OC\\Files\\Cache\\Scanner->addToCache('files_trashbin', Array, -1)\n#9 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Scanner.php(309): OC\\Files\\Cache\\Scanner->scanFile('files_trashbin', 3, '1', false, false)\n#10 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Updater.php(124): OC\\Files\\Cache\\Scanner->scan('files_trashbin', false, 3, false)\n#11 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(314): OC\\Files\\Cache\\Updater->update('files_trashbin', 1503038138)\n#12 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(1138): OC\\Files\\View->writeUpdate(Object(OCA\\Files_Trashbin\\Storage), 'files_trashbin')\n#13 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(262): OC\\Files\\View->basicOperation('mkdir', '\\/files_trashbin', Array)\n#14 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Trashbin.php(150): OC\\Files\\View->mkdir('files_trashbin')\n#15 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Trashbin.php(250): OCA\\Files_Trashbin\\Trashbin::setUpTrash('Admin-cloud')\n#16 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Storage.php(185): OCA\\Files_Trashbin\\Trashbin::move2trash('Photos\\/Squirrel...')\n#17 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Storage.php(120): OCA\\Files_Trashbin\\Storage->doDelete('files\\/Photos\\/Sq...', 'unlink')\n#18 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(1123): OCA\\Files_Trashbin\\Storage->unlink('files\\/Photos\\/Sq...')\n#19 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(693): OC\\Files\\View->basicOperation('unlink', '\\/Photos\\/Squirre...', Array)\n#20 \\/home\\/pensorafgn\\/wwwown\\/apps\\/dav\\/lib\\/Connector\\/Sabre\\/File.php(346): OC\\Files\\View->unlink('\\/Photos\\/Squirre...')\n#21 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Tree.php(179): OCA\\DAV\\Connector\\Sabre\\File->delete()\n#22 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/CorePlugin.php(287): Sabre\\DAV\\Tree->delete('Photos\\/Squirrel...')\n#23 [internal function]: Sabre\\DAV\\CorePlugin->httpDelete(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#24 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/event\\/lib\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#25 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(479): Sabre\\Event\\EventEmitter->emit('method:DELETE', Array)\n#26 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(254): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#27 \\/home\\/pensorafgn\\/wwwown\\/apps\\/dav\\/appinfo\\/v1\\/webdav.php(63): Sabre\\DAV\\Server->exec()\n#28 \\/home\\/pensorafgn\\/wwwown\\/remote.php(165): require_once('\\/home\\/pensorafg...')\n#29 {main}\",\"File\":\"\\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/doctrine\\/dbal\\/lib\\/Doctrine\\/DBAL\\/Driver\\/AbstractMySQLDriver.php\",\"Line\":66,\"User\":\"Admin-cloud\"}"}
{"reqId":"WZaM2AoUFAsAAGqWxo8AAAAA","level":2,"time":"2017-08-18T06:44:41+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaM7QoUFAsAAGqWxs0AAAA8","level":2,"time":"2017-08-18T06:45:02+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaNRQoUFAsAAGqWyIIAAAAG","level":2,"time":"2017-08-18T06:46:30+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaNSAoUFAsAAGqWyIgAAAAy","level":2,"time":"2017-08-18T06:46:32+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaNYQoUFAsAAGqWyNUAAAAt","level":2,"time":"2017-08-18T06:46:57+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaV7AoUFAsAAA1GHSsAAAAu","level":2,"time":"2017-08-18T07:23:24+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZawNAoUFAsAAC-kSecAAACY","level":2,"time":"2017-08-18T09:15:32+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"core","method":"GET","url":"\/index.php\/apps\/files\/?dir=\/&fileid=3","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawNQoUFAsAACBFjQQAAABD","level":2,"time":"2017-08-18T09:15:33+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"core","method":"GET","url":"\/index.php\/core\/js\/oc.js?v=e81ad89ccd551814ed7c72139b5cf64d","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawNQoUFAsAACBFjQUAAABy","level":2,"time":"2017-08-18T09:15:33+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"core","method":"GET","url":"\/cron.php","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawOQoUFAsAAC-kSgUAAAC3","level":2,"time":"2017-08-18T09:15:37+00:00","remoteAddr":"78.231.132.89","user":"Tests-OC","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawRQoUFAsAACBFjVEAAABe","level":2,"time":"2017-08-18T09:15:50+00:00","remoteAddr":"78.231.132.89","user":"svalentin","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/svalentin\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawRgoUFAsAACBFjVIAAABh","level":2,"time":"2017-08-18T09:15:50+00:00","remoteAddr":"78.231.132.89","user":"Tests-OC","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/Tests-OC\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawUQoUFAsAAC-kSksAAACM","level":2,"time":"2017-08-18T09:16:01+00:00","remoteAddr":"78.231.132.89","user":"svalentin","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/svalentin\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawUQoUFAsAAC-kSkwAAAC-","level":2,"time":"2017-08-18T09:16:01+00:00","remoteAddr":"78.231.132.89","user":"Tests-OC","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/Tests-OC\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}

#### Browser log

I don't know where to find those informations
`

pako81 · August 18, 2017, 3:32pm

Hi ocussac,

plese ensure that "session.auto_start" is set to 0 or Off and "enable_post_data_reading" to 1 or On in your php.ini configuration. If not, this could be the reason why you see the error “Access denied. CSRF check failed” when logging in/out to/from ownCloud via the WebUI.

This is also documented here:

https://doc.owncloud.org/server/10.0/admin_manual/installation/configuration_notes_and_tips.html#session-auto-start-enable-post-data-reading

As additional note, it is also possible to disable the ownCloud’s built-in CSRF protection mechanism by adding the following in config.php:

'csrf.disabled' => false,

Indeed, in some specific setups CSRF protection is handled in the environment, e.g., running F5 ASM. In these cases the built-in mechanism is not needed and can be disabled.

Hope this helps.

ocussac · August 21, 2017, 1:52pm

Thank's for your usefull help.
My problem is solved

Olivier

pako81 · August 21, 2017, 1:54pm

Well, you did not solve the issue..you just "workarounded" it