I seem to get a CSRF error when trying to delete a user or reset his password.I am on Seafile Community 6.1.1 (on Debian Jessie).Can someone confirm that they have the problem as well ?
File and DB Permission are ok?
I suppose because I've never changed the permissions since I installed version 3.0.0.In addition the error message is
[WARNING] django.request:98 _reject Forbidden (CSRF token missing or incorrect.)
This clearly looks like a bug. Last think you can try is to open an incognito tab and see if it works there. If not it's a bug.
I tried with Firefox incognito mode and I unfortunately still have the CSRF error.
Yes, I have the same problem when I click on "Generate" for a download link.
EDIT: it only happens with Firefox 54, Chromium 59 works.
Indeed it works with Chromium. I still haven't found a workaround for Firefox.
I have the same problem for actions like accessing encrypted librarys, deleteing share links etc. Problem occurs with Firefox and Chromium ( and every other browser i tried so far). I noticed that teh X-CSRFToken is not set on such requests (its null). If i fire such a request via curl with the X-CSRFToken set then it's working. Everything is working if i use the client.This problem only occurs if i use wsgi, with fastcgi everything is working fine.Both 6.2.0 and 6.2.2 are affected over here (switched to wsgi with 6.2.0).I'm running 6.2.2 atm behind an apache2 proxy on a debian stretch system.
If anybody is experiencing the same issue, for me it was the apache2 configuration interfering.I had "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" set which caused my problems.