Trying to complete upgrade, "Possible CSRF attack. Connection will be closed."

I am trying to upgrade from 17.0.9 to 18.0.9 (and eventually 19) but am having difficulty. I am getting a Start Update page, but upon trying to click the button, all I get is the same message, “Possible CSRF attack. Connection will be closed.” My webhost does not provide SSH access, so I am unable to use occ to upgrade. Tried multiple browsers on multiple devices. Tried clearing cookies.

Currently using php 7.2.33, am able to change via cPanel to different minor releases.

Unsure if its related, but I was originally running 16 prior to all this. I had problems getting to 17, but got it completed, mostly. I was getting errors when trying to upload files via both website and WEBDAV. Log message example when trying to upload a photo:

{“reqId”:"######",“level”:0,“time”:“2020-10-03T18:56:27+00:00”,“remoteAddr”:"######",“user”:"######",“app”:“webdav”,“method”:“HEAD”,“url”:"/remote.php/webdav/camera/2020/10/20201001_131624.jpg",“message”:{“Exception”:“Sabre\DAV\Exception\NotFound”,“Message”:“File with name camera/2020/10/20201001_131624.jpg could not be located”,“Code”:0,“Trace”:[{“file”:"/home/######/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",“line”:81,“function”:“getNodeForPath”,“class”:“OCA\DAV\Connector\Sabre\ObjectTree”,“type”:"->",“args”:[“camera/2020/10/20201001_131624.jpg”]},{“function”:“httpGet”,“class”:“Sabre\DAV\CorePlugin”,“type”:"->",“args”:[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]},{“file”:"/home/######/3rdparty/sabre/event/lib/EventEmitterTrait.php",“line”:105,“function”:“call_user_func_array”,“args”:[[{“class”:“Sabre\DAV\CorePlugin”},“httpGet”],[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]]},{“file”:"/home/######/3rdparty/sabre/dav/lib/DAV/Server.php",“line”:479,“function”:“emit”,“class”:“Sabre\Event\EventEmitter”,“type”:"->",“args”:[“method:GET”,[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]]},{“file”:"/home/######/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",“line”:253,“function”:“invokeMethod”,“class”:“Sabre\DAV\Server”,“type”:"->",“args”:[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”},false]},{“function”:“httpHead”,“class”:“Sabre\DAV\CorePlugin”,“type”:"->",“args”:[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]},{“file”:"/home/######/3rdparty/sabre/event/lib/EventEmitterTrait.php",“line”:105,“function”:“call_user_func_array”,“args”:[[{“class”:“Sabre\DAV\CorePlugin”},“httpHead”],[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]]},{“file”:"/home/######/3rdparty/sabre/dav/lib/DAV/Server.php",“line”:479,“function”:“emit”,“class”:“Sabre\Event\EventEmitter”,“type”:"->",“args”:[“method:HEAD”,[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]]},{“file”:"/home/######/3rdparty/sabre/dav/lib/DAV/Server.php",“line”:254,“function”:“invokeMethod”,“class”:“Sabre\DAV\Server”,“type”:"->",“args”:[{“absoluteUrl”:“https://######/remote.php/webdav/camera/2020/10/20201001_131624.jpg”,“class”:“Sabre\HTTP\Request”},{“class”:“Sabre\HTTP\Response”}]},{“file”:"/home/######/apps/dav/appinfo/v1/webdav.php",“line”:80,“function”:“exec”,“class”:“Sabre\DAV\Server”,“type”:"->",“args”:[]},{“file”:"/home/######/remote.php",“line”:163,“args”:["/home/######/apps/dav/appinfo/v1/webdav.php"],“function”:“require_once”}],“File”:"/home/######/apps/dav/lib/Connector/Sabre/ObjectTree.php",“Line”:173,“CustomMessage”:"–"},“userAgent”:“Mozilla/5.0 (Android) Nextcloud-android/3.13.1”,“version”:“17.0.9.2”,“id”:"######"}

I’m not sure it’s the same contexte but with https:// before the url of my nextcloud site it has been ok
if it could be helpfull
Regards :wink:

1 Like

Hello. I’m fighting this too. Did you find a solution (aside from hacking out the checking code?)
Many thanks!

Me too, thank you.
It is helpful, indeed. :slight_smile: