Hi, I recently ran into a problem which I'm documenting here in the hope it saves others some time (possibly also RC devs could be aware and consider logging a warning).
The symptoms are that Roundcube mostly works, but hangs with a Saving/Sending message at the bottom of the screen if you try and save/send. The browser is "frozen", in that you cannot click on other items on the page, and it's necessary to close the browser tab or do a full page reload to escape.
The resolution was to remove security headers from my default nginx config:
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
I presume that the iframe option interferes with the save/send process, hence why it breaks. I think it's not unreasonable, however, just documenting the problem here since it's a common option shown as a good default for a tightly secured webserver setup.
Thanks to all developers for the excellent Roundcube product!
Ed W
On Wed, Sep 10, 2014 at 11:23 AM, Ed W lists@wildgooses.com wrote:
> Hi, I recently ran into a problem which I'm documenting here in the hope it saves others some time (possibly also RC devs could be aware and consider logging a warning).
> The symptoms are that Roundcube mostly works, but hangs with a Saving/Sending message at the bottom of the screen if you try and save/send. The browser is "frozen", in that you cannot click on other items on the page, and it's necessary to close the browser tab or do a full page reload to escape.
> The resolution was to remove security headers from my default nginx config:
> #add_header X-Frame-Options DENY;
> #add_header X-Content-Type-Options nosniff;
> I presume that the iframe option interferes with the save/send process, hence why it breaks. I think it's not unreasonable, however, just documenting the problem here since it's a common option shown as a good default for a tightly secured webserver setup.
Thanks for sharing this. There's some basic documentation about webserver config in our wiki:
http://trac.roundcube.net/wiki/Howto_Config/Webservers
Feel free to update that page.
FWIW: Roundcube itself sets the X-Frame-Options headers according to config: https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.p...
~Thomas
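
An added example, not part of the original thread or of Roundcube's code: a small Python check over a response's headers that flags the situation discussed above, where the web server adds X-Frame-Options: DENY on top of the value the application sets itself. The two sample responses are constructed, and the app_frames_itself parameter encodes the assumption that the application loads its own pages in iframes.

```python
# Added example: audit the framing headers a browser actually receives.
# SAMPLE_BROKEN and SAMPLE_FIXED are constructed, not captured from a real server.
SAMPLE_BROKEN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: sameorigin\r\n"      # set by the application
    "X-Frame-Options: DENY\r\n"            # added again by the web server
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)
SAMPLE_FIXED = SAMPLE_BROKEN.replace("X-Frame-Options: DENY\r\n", "")


def header_values(raw, name):
    """Collect every value of header `name`, splitting comma-merged duplicates."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip the status line
    values = []
    for line in lines:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name:
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values


def audit_framing(raw, app_frames_itself=True):
    """Return finding codes; app_frames_itself is an assumption about the app."""
    xfo = header_values(raw, "x-frame-options")
    findings = []
    if not xfo:
        findings.append("xfo-missing")
    if len(set(xfo)) > 1:
        findings.append("xfo-conflict")            # two layers disagree
    if "DENY" in xfo and app_frames_itself:
        findings.append("deny-blocks-own-frames")  # DENY also forbids same-origin framing
    if any(v not in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("xfo-unrecognised")
    if header_values(raw, "x-content-type-options") != ["NOSNIFF"]:
        findings.append("nosniff-missing-or-duplicated")
    return findings


if __name__ == "__main__":
    print("broken:", audit_framing(SAMPLE_BROKEN))
    print("fixed: ", audit_framing(SAMPLE_FIXED))
```

With the server-level DENY line dropped, the response keeps one framing policy and nosniff, so neither header has to be removed entirely.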