[RCU] Content Security Policy for Roundcube

James Brown jlbrown at bordo.com.au
Thu Jul 25 10:23:41 CEST 2019

Turning on 'Show Javascript Console' from Safari Develop menu showed me that my Content Security Policy was preventing emails displaying in mailboxes. 

Additionally at logout I get the message

"PHP Error: Request security check failed
For your protection, access to this resource is secured against CSRF.
If you see this, you probably didn't log out before leaving the web application.

Human interaction is now required to continue."
Please contact your server-administrator.

Commenting out the CSP line in https.conf fixed it.

Currently using:

Header set Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri ‘self'

Which fails. 

Is there a recommended CSP for Roundcube?



More information about the users mailing list