Error CSRF check failed logout from web intreface All Navigator on OVH Web hosting

Steps to reproduce

1.Connect to the owncloud platform via web interface
2.Disconnect session from the logout link
3.

Expected behaviour

When I click on the logout link, the session should be destroy and redirect to the authentification page

Actual behaviour

The disconnect display the error : Deny access - CSRF check failed Expected behaviour

Server configuration

Operating system: Linux OVH Shared web hosting

Web server: Apache/2.4.

Database: Mysql

PHP version: 7.0

ownCloud version: 10.0.2

Updated from an older ownCloud or fresh install: Fresh install

Where did you install ownCloud from: Php ownCloud install page on shared web hosting

Signing status (ownCloud 9.0 and above): No errors have

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here
anonymous/gist:c7b5783d5019d34151b7a2f67ed1df50

The content of config/config.php:
<?php
$CONFIG = array (
'instanceid' => 'ocouig20l6zz',
'passwordsalt' => 'hkkaeQltxvDP/A0DIb4S3dM6B6KbGL',
'secret' => 'UYlec4DTo1XylbhRD69kDr6c5DcEIoMVBK6LB+WqYn5axr1x',
'trusted_domains' => array (
0 => 'cloud.pensora.fr',
),
'datadirectory' => '/home/pensorafgn/wwwown/data',
'overwrite.cli.url' => 'https://cloud.pensora.fr',
'dbtype' => 'mysql',
'version' => '10.0.2.1',
'dbname' => '****************,
'dbhost' => '*****************',
'dbtableprefix' => 'oc_',
'dbuser' => '************',
'dbpassword' => '***************',
'logtimezone' => 'UTC',
'installed' => true,
'session_lifetime' => 60,

);

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps: none additional

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: No...

Are you using encryption: no

Are you using an external user-backend, if yes which one: No...

Client configuration

Browser: Firefox & Chrome

Operating system: Windows 8.1

Logs

Web server error log

"

78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "GET /cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "GET /index.php/avatar/Tests-OC/42 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 4885 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:46 +0200] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 4885 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:47 +0200] "GET /index.php/avatar/Tests-OC/42 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:47 +0200] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 185 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:35:47 +0200] "GET /index.php/avatar/Tests-OC/42 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:13 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:16 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:18 +0200] "GET /index.php/logout?requesttoken=PxU2NFZmBAAiKAh/LB0LWAV0Ny1TAiI9NQkMBSE2EjE%3D%3ATfDm1ImMigyOkWG0F1ml6GkPDeKmiQByz/BSGJTkHKs%3D HTTP/1.1" 302 295 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:18 +0200] "GET /index.php/logout?requesttoken=PxU2NFZmBAAiKAh/LB0LWAV0Ny1TAiI9NQkMBSE2EjE%253D%253ATfDm1ImMigyOkWG0F1ml6GkPDeKmiQByz/BSGJTkHKs%253D HTTP/1.1" 412 1613 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /index.php/core/js/oc.js?v=e81ad89ccd551814ed7c72139b5cf64d HTTP/1.1" 200 1147 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /core/img/background.jpg HTTP/1.1" 200 133536 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /core/img/logo-icon.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /apps/notifications/img/notifications.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:19 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:31 +0200] "GET / HTTP/1.1" 302 25 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:31 +0200] "GET /index.php/apps/files/ HTTP/1.1" 302 199 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:31 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 4767 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /index.php/core/js/oc.js?v=e81ad89ccd551814ed7c72139b5cf64d HTTP/1.1" 200 1147 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /settings/img/admin.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /settings/img/help.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /core/img/actions/logout.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /apps/files/img/app.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /apps/files/img/folder.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /settings/img/users.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 74 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /core/img/actions/search-white.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
78.231.132.89 cloud.pensora.fr - [18/Aug/2017:10:36:32 +0200] "GET /apps/market/img/market.svg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"



#### ownCloud log (data/owncloud.log)

I{"reqId":"WZWxgQoUFBkAABrhehAAAAA3","level":3,"time":"2017-08-17T15:08:50+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"GET","url":"\/","message":"chmod(): No such file or directory at \/home\/pensorafgn\/wwwown\/lib\/private\/Log\/Owncloud.php#122"}
{"reqId":"WZWzfgoUFBkAABrhhFMAAAAf","level":3,"time":"2017-08-17T15:17:18+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZWzfgoUFBkAABrhhFMAAAAf","level":3,"time":"2017-08-17T15:17:18+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:51+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:51+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:52+00:00","remoteAddr":"78.231.132.89","user":"--","app":"mysql.setup","method":"POST","url":"\/index.php","message":"Specific user creation failed: An exception occurred while executing 'SELECT user FROM mysql.user WHERE user=?' with params [\"oc_Admin-cloud\"]:\n\nSQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user 'pensorafgnadmin'@'10.2.100.25' for table 'user'"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:52+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:55+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW25goUFBkAABrhls0AAAAn","level":3,"time":"2017-08-17T15:31:55+00:00","remoteAddr":"78.231.132.89","user":"--","app":"PHP","method":"POST","url":"\/index.php","message":"Zend OPcache API is restricted by \"restrict_api\" configuration directive at \/home\/pensorafgn\/wwwown\/lib\/private\/legacy\/util.php#1349"}
{"reqId":"WZW3KwoUFBkAABrhmA4AAAAt","level":2,"time":"2017-08-17T15:33:00+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"POST","url":"\/index.php\/login?redirect_url=%252Findex.php%252Fapps%252Ffiles%252F","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaKuQoUFAsAAGqWvXQAAAAo","level":4,"time":"2017-08-18T06:35:38+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"webdav","method":"DELETE","url":"\/remote.php\/webdav\/Photos\/Squirrel.jpg","message":"Exception: {\"Message\":\"An exception occurred while executing 'INSERT INTO oc_filecache (mimepart,mimetype,mtime,size,etag,storage_mtime,permissions,checksum,path_hash,path,parent,name,storage) SELECT ?,?,?,?,?,?,?,?,?,?,?,?,? FROMoc_filecacheWHEREstorage= ? ANDpath_hash= ? HAVING COUNT(*) = 0' with params [\\\"1\\\", \\\"2\\\", 1503038138, -1, \\\"59968aba22b25\\\", 1503038138, 31, \\\"\\\", \\\"fb66dca5f27af6f15c1d1d81e6f8d28b\\\", \\\"files_trashbin\\\", 1, \\\"files_trashbin\\\", 1, 1, \\\"fb66dca5f27af6f15c1d1d81e6f8d28b\\\"]:\\n\\nSQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '1-fb66dca5f27af6f15c1d1d81e6f8d28b' for key 'fs_storage_path_hash'\",\"Exception\":\"Doctrine\\\\DBAL\\\\Exception\\\\UniqueConstraintViolationException\",\"Code\":0,\"Trace\":\"#0 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/composer\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/DBALException.php(128): Doctrine\\\\DBAL\\\\Driver\\\\AbstractMySQLDriver->convertException('An exception oc...', Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException))\\n#1 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/composer\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/Connection.php(1015): Doctrine\\\\DBAL\\\\DBALException::driverExceptionDuringQuery(Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOMySql\\\\Driver), Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException), 'INSERT INTOoc...', Array)\\n#2 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/private\\\/DB\\\/Connection.php(211): Doctrine\\\\DBAL\\\\Connection->executeUpdate('INSERT INTOoc...', Array, Array)\\n#3 \\\/home\\\/pensorafgn\\\/wwwown\\\/lib\\\/private\\\/DB\\\/Adapter.php(113): OC\\\\DB\\\\Connection->executeUpdate('INSERT INTO`oc...', Array)\n#4 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/DB\\/Connection.php(249): OC\\DB\\Adapter->insertIfNotExist('PREFIXfilecac...', Array, Array)\n#5 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Cache.php(263): OC\\DB\\Connection->insertIfNotExist('PREFIXfilecac...', Array, Array)\n#6 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Cache.php(220): OC\\Files\\Cache\\Cache->insert('files_trashbin', Array)\n#7 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Scanner.php(266): OC\\Files\\Cache\\Cache->put('files_trashbin', Array)\n#8 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Scanner.php(206): OC\\Files\\Cache\\Scanner->addToCache('files_trashbin', Array, -1)\n#9 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Scanner.php(309): OC\\Files\\Cache\\Scanner->scanFile('files_trashbin', 3, '1', false, false)\n#10 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/Cache\\/Updater.php(124): OC\\Files\\Cache\\Scanner->scan('files_trashbin', false, 3, false)\n#11 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(314): OC\\Files\\Cache\\Updater->update('files_trashbin', 1503038138)\n#12 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(1138): OC\\Files\\View->writeUpdate(Object(OCA\\Files_Trashbin\\Storage), 'files_trashbin')\n#13 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(262): OC\\Files\\View->basicOperation('mkdir', '\\/files_trashbin', Array)\n#14 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Trashbin.php(150): OC\\Files\\View->mkdir('files_trashbin')\n#15 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Trashbin.php(250): OCA\\Files_Trashbin\\Trashbin::setUpTrash('Admin-cloud')\n#16 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Storage.php(185): OCA\\Files_Trashbin\\Trashbin::move2trash('Photos\\/Squirrel...')\n#17 \\/home\\/pensorafgn\\/wwwown\\/apps\\/files_trashbin\\/lib\\/Storage.php(120): OCA\\Files_Trashbin\\Storage->doDelete('files\\/Photos\\/Sq...', 'unlink')\n#18 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(1123): OCA\\Files_Trashbin\\Storage->unlink('files\\/Photos\\/Sq...')\n#19 \\/home\\/pensorafgn\\/wwwown\\/lib\\/private\\/Files\\/View.php(693): OC\\Files\\View->basicOperation('unlink', '\\/Photos\\/Squirre...', Array)\n#20 \\/home\\/pensorafgn\\/wwwown\\/apps\\/dav\\/lib\\/Connector\\/Sabre\\/File.php(346): OC\\Files\\View->unlink('\\/Photos\\/Squirre...')\n#21 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Tree.php(179): OCA\\DAV\\Connector\\Sabre\\File->delete()\n#22 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/CorePlugin.php(287): Sabre\\DAV\\Tree->delete('Photos\\/Squirrel...')\n#23 [internal function]: Sabre\\DAV\\CorePlugin->httpDelete(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#24 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/event\\/lib\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#25 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(479): Sabre\\Event\\EventEmitter->emit('method:DELETE', Array)\n#26 \\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(254): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#27 \\/home\\/pensorafgn\\/wwwown\\/apps\\/dav\\/appinfo\\/v1\\/webdav.php(63): Sabre\\DAV\\Server->exec()\n#28 \\/home\\/pensorafgn\\/wwwown\\/remote.php(165): require_once('\\/home\\/pensorafg...')\n#29 {main}\",\"File\":\"\\/home\\/pensorafgn\\/wwwown\\/lib\\/composer\\/doctrine\\/dbal\\/lib\\/Doctrine\\/DBAL\\/Driver\\/AbstractMySQLDriver.php\",\"Line\":66,\"User\":\"Admin-cloud\"}"}
{"reqId":"WZaM2AoUFAsAAGqWxo8AAAAA","level":2,"time":"2017-08-18T06:44:41+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaM7QoUFAsAAGqWxs0AAAA8","level":2,"time":"2017-08-18T06:45:02+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaNRQoUFAsAAGqWyIIAAAAG","level":2,"time":"2017-08-18T06:46:30+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaNSAoUFAsAAGqWyIgAAAAy","level":2,"time":"2017-08-18T06:46:32+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaNYQoUFAsAAGqWyNUAAAAt","level":2,"time":"2017-08-18T06:46:57+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZaV7AoUFAsAAA1GHSsAAAAu","level":2,"time":"2017-08-18T07:23:24+00:00","remoteAddr":"78.231.132.89","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: 'Admin-cloud' (Remote IP: '78.231.132.89')"}
{"reqId":"WZawNAoUFAsAAC-kSecAAACY","level":2,"time":"2017-08-18T09:15:32+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"core","method":"GET","url":"\/index.php\/apps\/files\/?dir=\/&fileid=3","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawNQoUFAsAACBFjQQAAABD","level":2,"time":"2017-08-18T09:15:33+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"core","method":"GET","url":"\/index.php\/core\/js\/oc.js?v=e81ad89ccd551814ed7c72139b5cf64d","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawNQoUFAsAACBFjQUAAABy","level":2,"time":"2017-08-18T09:15:33+00:00","remoteAddr":"78.231.132.89","user":"Admin-cloud","app":"core","method":"GET","url":"\/cron.php","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawOQoUFAsAAC-kSgUAAAC3","level":2,"time":"2017-08-18T09:15:37+00:00","remoteAddr":"78.231.132.89","user":"Tests-OC","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawRQoUFAsAACBFjVEAAABe","level":2,"time":"2017-08-18T09:15:50+00:00","remoteAddr":"78.231.132.89","user":"svalentin","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/svalentin\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawRgoUFAsAACBFjVIAAABh","level":2,"time":"2017-08-18T09:15:50+00:00","remoteAddr":"78.231.132.89","user":"Tests-OC","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/Tests-OC\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawUQoUFAsAAC-kSksAAACM","level":2,"time":"2017-08-18T09:16:01+00:00","remoteAddr":"78.231.132.89","user":"svalentin","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/svalentin\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}
{"reqId":"WZawUQoUFAsAAC-kSkwAAAC-","level":2,"time":"2017-08-18T09:16:01+00:00","remoteAddr":"78.231.132.89","user":"Tests-OC","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/files\/Tests-OC\/","message":"Trusted domain error. \"78.231.132.89\" tried to access using \"cloud.pensora.fr\" as host."}

#### Browser log

I don't know where to find those informations
`

Hi ocussac,

plese ensure that "session.auto_start" is set to 0 or Off and "enable_post_data_reading" to 1 or On in your php.ini configuration. If not, this could be the reason why you see the error “Access denied. CSRF check failed” when logging in/out to/from ownCloud via the WebUI.

This is also documented here:

https://doc.owncloud.org/server/10.0/admin_manual/installation/configuration_notes_and_tips.html#session-auto-start-enable-post-data-reading

As additional note, it is also possible to disable the ownCloud’s built-in CSRF protection mechanism by adding the following in config.php:

'csrf.disabled' => false,

Indeed, in some specific setups CSRF protection is handled in the environment, e.g., running F5 ASM. In these cases the built-in mechanism is not needed and can be disabled.

Hope this helps.

Thank's for your usefull help.
My problem is solved

Olivier

Well, you did not solve the issue..you just "workarounded" it :slight_smile: