I have written an application to help me migrate thousands of files from another system into our Nextcloud.
This sometimes works, and sometimes I get CSRF check not passed. errors. These errors do not appear in my nextcloud.log, but are passed back to my application.
Here are the details of what I am sending and receiving:
Can someone explain what I have to do to prevent this happening?
Note that I have removed individual user and folder names, and other info. The user and folder1 above exist. The authorisation string is OK (works elsewhere).
I guess I could write some code to reproduce the problem on our server. Of course, the code would then reveal the admin name and password on our server, which might not be a good idea. (The auth string contains the admin name and password.)
If I could find where the check happens, I could perhaps help debug it, but I don’t know that.
PASS CSRF checks? I haven’t found ANY documentation on this so far!
As workaround I would try to tell the Nextcloud server that I’m a official client To debug this further could you validate that the request also fails with curl and if so share the curl command? Also Nextcloud’s “dav implementation” has some strange oddities like requiring cookies. It’s actually stateless but Nextcloud sometimes expects some cookies to be set.
I’ve got a bit further with this - I think it works if you clear your cookies. I was opening a connection to Nextcloud, with a cookie container, and leaving it open for days on end.
I changed the code to close the connection and open a new one with a new, empty cookie container every few minutes, and it’s OK now.