[Tickets #9289] Re: Cannot save preferences after upgrade to 1.2.7. We cannot verify that this request was really sent by you. It could be a malicious request.

bugs at horde.org bugs at horde.org
Mon Mar 7 22:59:02 UTC 2011 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/9289
------------------------------------------------------------------------------
  Ticket             | 9289
  Updated By         | twoodard at woodardenterprises.com
  Summary            | Cannot save preferences after upgrade to 1.2.7. We
                     | cannot verify that this request was really sent by you.
                     | It could be a malicious request.
  Queue              | Horde Groupware Webmail Edition
  Version            | 1.2.7
  Type               | Bug
  State              | Resolved
  Priority           | 3. High
  Milestone          | 1.2.8
  Patch              |
  Owners             | Horde Developers, Jan Schneider, Michael Slusarz
------------------------------------------------------------------------------


twoodard at woodardenterprises.com (2011-03-07 22:59) wrote:

> The users cannot save their preferences anymore.
> They get the dreaded "We cannot verify that this request was really  
> sent by you. It could be a malicious request. If you intended to  
> perform this action, you can retry it now"
>
> It also happens without having to save anything, by just going to the page:
> services/prefs.php?app=imp&group=identities
>
> There is nothing in the Horde log, appart from
> IMAP errors: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
>
> I've tried disabling tokens, cookies, nothing helped.
> The server is running a dual IP stack (v4 and v6). Net_DNS has been  
> removed because it doesn't work with IPv6.
> We're using PHP sessions.

Folks,

I just had a new client call me about this issue when she logged into  
her webmail. I just wanted to attach my findings. In her case, when i  
had Virus Scan turned on to verify and check webpages, this error  
appeared, but when i turn it off the problem went away. So it looks  
like my issue is when a virus scan program is being utilized to verify  
webpages the error occurs. Basically you are creating your own  
personal proxy scanner, so this could be why it doesn't think it is  
coming from the same source.

Don't know if this helps you at all, just wanted to share my findings.

More information about the bugs mailing list