owncloud authentication does not work for chrome with csrf

11 April 2016, 23:19
Not sure if it is a bug. I have owncloud as backend of Hiawatha.
Authentication in firefox works, but in chrome fails with logging:|Mon 11 Apr 2016 22:36:10 +0200|invalid referer while checking for CSRF
Mon 11 Apr 2016 22:36:16 +0200|Reverse proxy timeout for

chrome gives an error:|Mon 11 Apr 2016 22:52:55 +0200|504|2202||POST / HTTP/1.1|Host:|Connection: keep-alive|Content-Length: 194|Cache-Control: max-age=0|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8|Origin: null|Upgrade-Insecure-Requests: 1|User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36|Content-Type: application/x-www-form-urlencoded|DNT: 1|Accept-Encoding: gzip, deflate|Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4

Firefox works good|Mon 11 Apr 2016 22:57:00 +0200|302|2399||POST / HTTP/1.1|Host:|User-Agent: Mozilla/5.0 (W
indows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0|Accept: text/html,application/xhtml+xml,application/xml;q=0
.9,*/*;q=0.8|Accept-Language: nl,en-US;q=0.7,en;q=0.3|Accept-Encoding: gzip, deflate, br|DNT: 1|Connection: keep-alive
|Content-Type: application/x-www-form-urlencoded|Content-Length: 194

Hugo Leisink
12 April 2016, 14:16
My guess is it's a bug in ownCloud. I've had many issues with it before. I stopped giving it a try. It appears to be more of an Apache application instead of a generic web application.
12 April 2016, 22:15
Hmm. To be exact, I have installed hiawatha as a frontend. The backend is an apache server with owncloud.

So the reverse-proxy hiawatha server throws the error. Does that change anything?
I will make a tcpdump.
Hugo Leisink
13 April 2016, 11:26
Did you enable the PreventCSRF option? In that case, turn it off.
This topic has been closed.