Sorry I was too busy yesterday to respond to your post on RCU.
When I glanced at your post, I thought it might be mod_security
causing the issue.
[file "/etc/httpd/modsecurity.d/ modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Reque st Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname
"roundcube.renelacrout e.fr"] [uri "/"] [unique_id "bdt3UVdiuugAAHbbVjAAAAAA"] [Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD " required.
There are several errors related to this. Some Googling indicates a header needs to be added to the output.
A quick search indicates several files that would need to be modified :
[chasd@mail roundcube]$ find . -name '*.php' -exec grep -l "header ('Content-Type:" {} ; ./program/js/tiny_mce/plugins/spellchecker/rpc.php ./program/include/rcube_html_page.php ./program/include/rcube_json_output.php ./bin/html2text.php ./bin/modcss.php
This page : http://framework.zend.com/issues/browse/ZF-3017
indicates this line should be added to each of those files after the
content type header :
header('Accept: text/xml');
As for the
Match of "rx ^OPTIONS$" against "REQUEST_METHOD"
that is a warning and shouldn't impact the functionality of RoundCube.
I did not find a fix for that warning, and I'm not familiar enough
with mod_security to know exactly what it is complaining about.
My Google search indicates that other web apps that control their
headers run into this issue with mod_security, notably Gallery2.