[RCU] Problem with CSRF

Michael Orlitzky michael at orlitzky.com
Tue Apr 9 02:23:20 CEST 2019


On 4/8/19 6:50 PM, Andreas Meyer wrote:
> 
> What happend here that all of the sudden I don't have a working roundcube
> anymore? Where does this CSRF problem come from? I just upgraded to version
> 1.3.9 and the problem remains.
> 

This just happens every once in a while, and nobody has a good answer.
Our users certainly don't know what to do. They call us, we don't know
what to do. I started disabling the CSRF protection entirely:

  1. Open program/lib/Roundcube/rcube.php
  2. Search for "public function check_request"
  3. Have it always return true.


More information about the users mailing list