Hello,
I have a very recent install of roundcube where the users are (were) experiencing an error "request check failed" in two places. I traced this to a referer error in the logs, which I then chased to the referer_check setting in main.inc.php. Setting referer_check to false has solved both symptoms.
The first place this was happening is viewing attachments within the browser. when one clicks on a pdf attachment he has received, for example, the new tab/window will open with the link to download and the request check failed error message where you would normally view the document. with referer_check=false, the new tab/window opens, shows the download link and the document.
The second place I was seeing the error message was with the login page. If I open a second tab and brought it to the login page while I was already logged in, I would get the error, or if I closed the browser without logging out I would usually get that error. Once it happens, the only way I found to clear it was to delete the related cookies. I haven't tested extensively yet, but so far it appears referer_check=false has also corrected this problem.
Having just read up a bit on http referer headers, I start to see that it would be better to not leave the referer_check option at false. However, the above symptoms aren't really going over with the users to well, especially the login page one. I do not find anyone reporting similar on the web yet, so I am thinking I must have missed something in my config, but I went over it and didn't find anything. Have I missed an obvious configuration option somewhere that would allow me to keep referer_check=true and still let my users see their documents and not have to clear their cookies every time they encounter the error on the log on page?