[imp] Upload attachments NOT using Drag'n'Drop
Anton Köstlbacher
horde3 at dingsbums.org
Wed Apr 29 22:46:04 UTC 2015
Am 29.04.2015 um 23:23 schrieb Michael M Slusarz:
> Quoting Anton Köstlbacher <horde3 at dingsbums.org>:
>
>> Hello List,
>>
>> can anyone reproduce this: uploading attachments using drag and drop
>> works fine, using the "normal" dialog does not work at all.
>>
>> Tested with chrome and firefox (latest Horde Webmail 5.2.6., Apache
>> fcgi).
>>
>> Files are uploaded (chrome shows progress til 100%), but do not show
>> up and "Uploading..." never disapears.
>
> Can verify it works fine here, with Chrome 42/Win8.
Thanks! Found it, js errors occuring after upload of file is completed:
Load denied by X-Frame-Options:
https://www.webmail.zz/webmail/services/ajax.php/imp/addAttachment?jsonhtml=1&token=7TERgBtev6mMTpHvxoBS1Ao
does not permit framing.
Error: Permission denied to access property "document"
...unction(sf){this.doActionComplete(form,{responseJSON:(sf.contentDocument||sf.con...
https://www.webmail.zz/webmail/static/29a5f80586645535.js
Line 15 (seems to come from cached version of hordecore.js)
Seems to come from some clickjacking-preventing header. I remembered
changing apache conf for better cipher list, according to
https://cipherli.st/ which additionaly recommends
Header always set X-Frame-Options DENY
Reason found. Change to:
Header always set X-Frame-Options SAMEORIGIN
Works.
More information about the imp
mailing list