Nextcloud version (eg, 20.0.5): 27.1.8
Operating system and version (eg, Ubuntu 20.04): webhosted
Apache or nginx version (eg, Apache 2.4.25): webhosted
PHP version (eg, 7.4): 8.3
The issue you are facing:
There is an error protocolled CSRF check failed
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Open Admin Log
The output of your Nextcloud log in Admin > Logging:
OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException: CSRF check failed
/www/htdocs/TOPSECRET/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php - line 96:
OC\AppFramework\Middleware\Security\SecurityMiddleware->beforeController([ "OCA\\Prov ... "], "getGroups")
/www/htdocs/TOPSECRET/lib/private/AppFramework/Http/Dispatcher.php - line 129:
OC\AppFramework\Middleware\MiddlewareDispatcher->beforeController([ "OCA\\Prov ... "], "getGroups")
/www/htdocs/TOPSECRET/lib/private/AppFramework/App.php - line 183:
OC\AppFramework\Http\Dispatcher->dispatch([ "OCA\\Prov ... "], "getGroups")
/www/htdocs/TOPSECRET/lib/private/Route/Router.php - line 315:
OC\AppFramework\App::main("OCA\\Provis ... r", "getGroups", [ "OC\\AppFr ... "], [ "ocs.provi ... "])
/www/htdocs/TOPSECRET/ocs/v1.php - line 65:
OC\Route\Router->match("/ocsapp/cloud/groups")
/www/htdocs/TOPSECRET/ocs/v2.php - line 23:
require_once("/www/htdocs ... p")
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'instanceid' => 'SuperId',
'passwordsalt' => 'SuperSecure',
'secret' => 'SuperSecret',
'trusted_domains' =>
array (
0 => 'ushur.bestof.world',
),
'datadirectory' => '/www/htdocs/TOPSECRET/data',
'dbtype' => 'mysql',
'version' => '27.1.8.1',
'overwrite.cli.url' => 'ushur.bestof.world',
'dbname' => 'yes',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'yes',
'dbpassword' => 'Password1',
'installed' => true,
'tempdirectory' => '/www/htdocs/TOPSECRET/data/tmp',
'profile.enabled' => true,
'default_language' => 'de',
'default_locale' => 'de_DE',
'default_phone_region' => 'DE',
'versions_retention_obligation' => '90, auto',
'account_manager.default_property_scope' =>
array (
'email' => 'v2-private',
'displayname' => 'v2-local',
),
'maintenance' => false,
'theme' => '',
'loglevel' => 0,
'mail_smtpmode' => 'smtp',
'mail_smtphost' => 'MyServer',
'mail_sendmailmode' => 'smtp',
'mail_smtpport' => '465',
'mail_smtpsecure' => 'ssl',
'mail_from_address' => 'yes',
'mail_domain' => 'BestDomain.ever',
'mail_smtpauth' => 1,
'mail_smtpname' => 'yes@funny.world',
'mail_smtppassword' => 'MyPassword',
'updater.secret' => 'SuperSecret',
'skeletondirectory' => '/www/htdocs/TOPSECRET/data/skeleton-neu',
);
The output of your Apache/nginx/system log in /var/log/____
:
Don't have that webhosted
Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.
{"reqId":"ZhhaN_R49fs2hSXTC_ZuIAAAmRQ","level":0,"time":"2024-04-11T21:46:31+00:00","remoteAddr":"95.223.39.107","user":"hol_admin_ingo","app":"no app in context","method":"GET","url":"/index.php/apps/bruteforcesettings/ipwhitelist","message":"CSRF check failed","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0","version":"27.1.8.1","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException","Message":"CSRF check failed","Code":412,"Trace":[{"file":"/www/htdocs/TOPSECRET/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":96,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->","args":[["OCA\\BruteForceSettings\\Controller\\IPWhitelistController"],"getAll"]},{"file":"/www/htdocs/TOPSECRET/lib/private/AppFramework/Http/Dispatcher.php","line":129,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[["OCA\\BruteForceSettings\\Controller\\IPWhitelistController"],"getAll"]},{"file":"/www/htdocs/TOPSECRET/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\BruteForceSettings\\Controller\\IPWhitelistController"],"getAll"]},{"file":"/www/htdocs/TOPSECRET/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\BruteForceSettings\\Controller\\IPWhitelistController","getAll",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["bruteforcesettings.IPWhitelist.getAll"]]},{"file":"/www/htdocs/TOPSECRET/lib/base.php","line":1068,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/bruteforcesettings/ipwhitelist"]},{"file":"/www/htdocs/TOPSECRET/index.php","line":38,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/www/htdocs/TOPSECRET/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":224,"message":"CSRF check failed","exception":{},"CustomMessage":"CSRF check failed"}}