Server:
-debian sid
-Roundcube Webmail 1.1.4
Client:
-win7
-IE11
-Chrome 48.0.2564.97 32-bit
as subject states: with IE all works, if Chrome in incognito => works, standard Chrome (with cache cleared) fails as follows:
-login, click one of the emails once, click delete-icon
/var/log/roundcube/errors states:
[04-Feb-2016 16:36:26 +0200]: <07539npa> PHP Error: Request security check failed (POST /rc/?_task=mail&_action=move?_task=&_action=)
Chrome javascript debug says:
POST http://jyge.no-ip.org/rc/?_task=mail&_action=refresh 403 (Forbidden)
send @ dca.js?pid=39266&cid=49544_893_:3
na.extend.ajax @ dca.js?pid=39266&cid=49544_893_:3
http_post @ app.min.js?s=1451370131:1refresh @ app.min.js?s=1451370131:1
(anonymous function) @ app.min.js?s=1451370131:1
ui.min.js?s=1451370111:1 Uncaught TypeError: q.messagedialog.html(...).dialog is not a functionF @ ui.min.js?s=1451370111:1
rcube_event_engine.triggerEvent @ common.min.js?s=1451370150:1
display_message @ app.min.js?s=1451370131:1
http_error @ app.min.js?s=1451370131:1
$.ajax.error @ app.min.js?s=1451370131:1
j @ dca.js?pid=39266&cid=49544_893_:2
k.fireWith @ dca.js?pid=39266&cid=49544_893_:2
d @ dca.js?pid=39266&cid=49544_893_:3
c @ dca.js?pid=39266&cid=49544_893_:3
Uncaught TypeError: q.messagedialog.html(...).dialog is not a function
F @ ui.min.js?s=1451370111:1
rcube_event_engine.triggerEvent @ common.min.js?s=1451370150:1
display_message @ app.min.js?s=1451370131:1
http_error @ app.min.js?s=1451370131:1
$.ajax.error @ app.min.js?s=1451370131:1
j @ dca.js?pid=39266&cid=49544_893_:2
k.fireWith @ dca.js?pid=39266&cid=49544_893_:2
d @ dca.js?pid=39266&cid=49544_893_:3
c @ dca.js?pid=39266&cid=49544_893_:3
app.min.js?s=1451370131:1 HTTP POST: ./?_task=mail&_action=move
While incognito, no failure to log or javascript debug.
Done two days of googling but nothing that pinpoints solution.
Some refers to legacy_browsers (tried it, didn't help)
http://www.roundcubeforum.net/index.php?topic=22278.0Some hint it could be CSRF (whatever it is..)
https://github.com/alexandregz/twofactor_gauthenticator/issues/24Maybe closest is this closed thread:
https://support.mayfirst.org/ticket/10769Anyway, so far no solution.
Apparently something was changed as this came up after some of the last apt-get update, unfortunately not sure which one.
SOLVED. It was Chrome extension called AS Magic Player. Removing it and it works again.