ownCloud authentication does not work for Chrome with CSRF

Hans-Cees
11 April 2016, 23:19
Not sure if it is a bug. I have ownCloud as a backend of Hiawatha.
Authentication in Firefox works, but in Chrome it fails with this logging:
192.168.0.2|Mon 11 Apr 2016 22:36:10 +0200|invalid referer while checking for CSRF
Mon 11 Apr 2016 22:36:16 +0200|Reverse proxy timeout for 192.168.0.42

Chrome gives an error:
192.168.0.2|Mon 11 Apr 2016 22:52:55 +0200|504|2202||POST / HTTP/1.1|Host: oc9.hanscees.com|Connection: keep-alive|Content-Length: 194|Cache-Control: max-age=0|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8|Origin: null|Upgrade-Insecure-Requests: 1|User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36|Content-Type: application/x-www-form-urlencoded|DNT: 1|Accept-Encoding: gzip, deflate|Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4

Firefox works well:

192.168.0.2|Mon 11 Apr 2016 22:57:00 +0200|302|2399||POST / HTTP/1.1|Host: oc9.hanscees.com|User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language: nl,en-US;q=0.7,en;q=0.3|Accept-Encoding: gzip, deflate, br|DNT: 1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Content-Length: 194


Hugo Leisink
12 April 2016, 14:16
My guess is it's a bug in ownCloud. I've had many issues with it before. I stopped giving it a try. It appears to be more of an Apache application instead of a generic web application.

hanscees
12 April 2016, 22:15
Hmm. To be exact, I have installed Hiawatha as a frontend. The backend is an Apache server with ownCloud.

So the reverse-proxy Hiawatha server throws the error. Does that change anything?
I will make a tcpdump.

Hugo Leisink
13 April 2016, 11:26
Did you enable the PreventCSRF option? In that case, turn it off.

This topic has been closed.
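
An added example, not part of the thread and not Hiawatha's own code: a small parser for the pipe-delimited access-log lines quoted above. It lists which headers differ between the failing and the working POST and flags an Origin or Referer value that is "null" or names a host other than the Host header. The two sample lines are shortened, constructed copies of the entries in the thread; the field positions are read off those lines, and the Host header is assumed to carry no IPv6 literal.

```python
from urllib.parse import urlsplit

# Constructed samples: shortened copies of the two access-log entries in the thread.
CHROME = ("192.168.0.2|Mon 11 Apr 2016 22:52:55 +0200|504|2202||POST / HTTP/1.1|"
          "Host: oc9.hanscees.com|Connection: keep-alive|Content-Length: 194|"
          "Origin: null|Content-Type: application/x-www-form-urlencoded|DNT: 1")
FIREFOX = ("192.168.0.2|Mon 11 Apr 2016 22:57:00 +0200|302|2399||POST / HTTP/1.1|"
           "Host: oc9.hanscees.com|DNT: 1|Connection: keep-alive|"
           "Content-Type: application/x-www-form-urlencoded|Content-Length: 194")

def parse_line(line):
    """Split one pipe-delimited access-log line into request data and headers."""
    fields = line.strip().split("|")
    if len(fields) < 6 or not fields[2].isdigit():
        raise ValueError("not an access-log line with a status and request")
    headers = {}
    for raw in fields[6:]:
        name, sep, value = raw.partition(":")
        if sep:  # skip fragments that are not 'Name: value'
            headers[name.strip().lower()] = value.strip()
    return {"client": fields[0], "status": int(fields[2]),
            "method": fields[5].split(" ", 1)[0], "headers": headers}

def origin_findings(entry):
    """Flag Origin/Referer values on a POST that do not name the Host header's site."""
    if entry["method"] != "POST":
        return []
    host = entry["headers"].get("host", "").lower().split(":")[0]  # assumes no IPv6 literal
    findings = []
    for name in ("origin", "referer"):
        value = entry["headers"].get(name)
        if value is None:
            continue  # header not logged: nothing to judge
        if value.lower() == "null":
            findings.append(f"{name}: null (opaque origin)")
        elif (urlsplit(value).hostname or "") != host:
            findings.append(f"{name}: host differs from {host}")
    return findings

def header_diff(failing, working):
    """Header names present in only one of two parsed requests."""
    a, b = set(failing["headers"]), set(working["headers"])
    return sorted(a - b), sorted(b - a)

if __name__ == "__main__":
    bad, good = parse_line(CHROME), parse_line(FIREFOX)
    for entry in (bad, good):
        print(entry["status"], origin_findings(entry))
    print(header_diff(bad, good))
```

On the sample lines, the only header present in the failing request and absent from the working one is Origin, and its value is null.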