We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Owncloud 9.x or 10.x CSRF check failed
Owncloud 9.x or 10.x CSRF check failed
Hi everyone,
Using Centos 6.9 with Vesta 0.9.18
Need some help here. I have tried to install Owncloud v9.1.7 and Owncloud 10.0.3 and both are installing fine but when logging in the first time I always get this:
Access forbidden
CSRF check failed
I have looked at the Owncloud help and it seems something to do with PHP config.
https://github.com/owncloud/core/issues ... -262703655
I have tried the fixes suggested:
- A too low or wrong configured post_max_size
- enable_post_data_reading = 0 or Off in php.ini
- session.auto_start = 1 or On in php.ini
- Outdated oC version
I have not tried:
- Missing permissions or wrong configured session.save_path
As i am not 100% what that means yet.
Does anyone have any other suggestions?
Thanks
Using Centos 6.9 with Vesta 0.9.18
Need some help here. I have tried to install Owncloud v9.1.7 and Owncloud 10.0.3 and both are installing fine but when logging in the first time I always get this:
Access forbidden
CSRF check failed
I have looked at the Owncloud help and it seems something to do with PHP config.
https://github.com/owncloud/core/issues ... -262703655
I have tried the fixes suggested:
- A too low or wrong configured post_max_size
- enable_post_data_reading = 0 or Off in php.ini
- session.auto_start = 1 or On in php.ini
- Outdated oC version
I have not tried:
- Missing permissions or wrong configured session.save_path
As i am not 100% what that means yet.
Does anyone have any other suggestions?
Thanks
Re: Owncloud 9.x or 10.x CSRF check failed
OK, worked it out myself.
It was this point:
- Missing permissions or wrong configured session.save_path
Specifically, the permission to the php 'tmp' directory in this case. I create a phpinfo.php to see what the tmp directory was and per VestaCP standard it was
session.save_path /home/myusername/tmp
so i checked the permissions to /tmp and it was set to 771
I did a quick "chmod 777 tmp" and refreshed the page and it worked. I know that I should not leave it as 777 so I am curious as to why httpd/php does not have access to this dir if its specified as a tmp directory?
UPDATE: It seems it needs a chmod 667 for it to function. Still would like to know why ??
Thanks
It was this point:
- Missing permissions or wrong configured session.save_path
Specifically, the permission to the php 'tmp' directory in this case. I create a phpinfo.php to see what the tmp directory was and per VestaCP standard it was
session.save_path /home/myusername/tmp
so i checked the permissions to /tmp and it was set to 771
I did a quick "chmod 777 tmp" and refreshed the page and it worked. I know that I should not leave it as 777 so I am curious as to why httpd/php does not have access to this dir if its specified as a tmp directory?
UPDATE: It seems it needs a chmod 667 for it to function. Still would like to know why ??
Thanks