[horde] We cannot verify that this request was really sent by you.

Paul Faure faurep at agr.gc.ca
Thu Oct 23 19:19:22 UTC 2008

If I open a message and click on forward, it uses this link:


And always throws that error you described.

If instead I over over the word "Forward" and use any of the 3 links
which appear, then I dont get that error:


The difference being the actionID=forwardall instead of

Webmail Edition 1.2
Mail (imp) H3 (4.3)

On Tue, 2008-10-14 at 16:20 -0400, Steve Devine wrote:
> We have one user who is consistently getting this error.
> "We cannot verify that this request was really sent by you. It could  
> be a malicious request."  He will get it 3 or 4 times a day most often  
> right after he has logged in but not always.
> I think this error comes from "function checkRequestToken" in imp/lib/IMP.php
> Whats the purpose of this? I see it gets called from folders.php, mailbox.php
> and message.php
> It's description is "check if a token for form is valid" .. so is this  
> supposed to check for cross-site scripting or some other trickery?
> Any suggestions on trouble shooting this?
> We are running horde-webmail-1.1.3
> Thanks
> Steve Devine
> Email & Storage
> Academic Technical Services
> Michigan State University
> 313 Computer Center
> East Lansing, MI 48824-1042
> 1-517-432-7327
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

More information about the horde mailing list