[horde] Horde form tokens

Andrew Morgan morgan at orst.edu
Mon Jul 6 20:55:18 UTC 2009


I am running the latest stable releases of Horde (3.3.4) and IMP (4.3.4). 
I have a user reporting the following:

-------------------------------------------------------
I've been getting this message a lot, lately, and now it appears when
I want to delete messages:

"We cannot verify that this request was really sent by you. It could
be a malicious request. If you intended to perform this action, you
can retry it now."

1) I log in through the web by use of Safari on my own laptop, using
the wireless available at the house where I'm staying in Australia.
The network name is akck21jk09, but I haven't tracked it down yet.
2) I delete any unwanted messages.
3) I click on purge deleted.
4) Then the message sometimes (not always) appears, "We cannot verify...."
5) Then I try purging again, as the message indicates. Usually it will
let me purge, but sometimes it won't unless I close Safari, reopen,
and log in again.

The irritating message sometimes appears when I try to send a new
message or even when I reply to a message that did not produce any
warning. In that case, after I write my reply, I click send, and
sometimes (not always) the message appears. I reclick on send, and
usually (not always), it permits the message to be sent.
-------------------------------------------------------

Is this triggered by the CSRF form token protection?

Right now, I have the Token System disabled ($conf[token][driver] = 
"none").

So far as I know, this is the only person reporting this problem.  Any 
advice on how I can track down what is happening here?

Thanks,
 	Andy

