"CSRF check failed" when using nextcloud/ocs/v1.php/cloud/users API #2753

@timar

Nextcloud 11 server; we have a PHP script that adds users. It worked well with Nextcloud 10.

Steps to reproduce

  1. code snippet:

```php
$url = 'https://' . $ownAdminname . ':' . $ownAdminpassword . '@nextcloud.example.com/nextcloud/ocs/v1.php/cloud/users';
$nextcloudPOSTArray = array('userid' => $userName, 'password' => $RRpassword );
```

  2. curl it to server

Expected behaviour

User created

Actual behaviour

"CSRF check failed"

Server configuration

Operating system: openSUSE 13.2

Web server: Apache2

Database: mysql

PHP version: 5.6.1

Nextcloud version: 11.0.0

Updated from an older Nextcloud/ownCloud or fresh install: updated from 10.0.2

Where did you install Nextcloud from: zip

Signing status:

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

No errors have been found.

List of activated apps:

App list
  - activity: 2.4.1
  - comments: 1.1.0
  - dav: 1.1.1
  - federatedfilesharing: 1.1.1
  - federation: 1.1.1
  - files: 1.6.1
  - files_pdfviewer: 1.0.1
  - files_sharing: 1.1.1
  - files_texteditor: 2.2
  - files_trashbin: 1.1.0
  - files_versions: 1.4.0
  - files_videoplayer: 1.0.0
  - firstrunwizard: 2.0
  - gallery: 16.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextcloud_announcements: 1.0
  - notifications: 1.0.1
  - password_policy: 1.1.0
  - provisioning_api: 1.1.0
  - richdocuments: 1.1.24
  - serverinfo: 1.1.1
  - sharebymail: 1.0.1
  - survey_client: 0.1.5
  - systemtags: 1.1.3
  - theming: 1.1.1
  - twofactor_backupcodes: 1.0.0
  - updatenotification: 1.1.1
  - user_ldap: 1.1.1
  - workflowengine: 1.1.1
Disabled:
  - admin_audit
  - encryption
  - external
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - files_retention
  - templateeditor
  - user_external
  - user_saml

The content of config/config.php:

<details>
<summary>Config report</summary>

```
{
    "system": {
        "instanceid": "ociimghhkjug",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "demo.collaboracloudsuite.com"
        ],
        "datadirectory": "\/srv\/www\/htdocs\/nextcloud\/data",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "11.0.0.10",
        "logtimezone": "UTC",
        "installed": true,
        "appstore.experimental.enabled": true,
        "maintenance": false,
        "dbname": "nextcloud",
        "dbhost": "localhost",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "loglevel": 0,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable"
    }
}
```
</details>

**Are you using external storage, if yes which one:** N/A

**Are you using encryption:** no

**Are you using an external user-backend, if yes which one:** N/A

#### Nextcloud log (data/nextcloud.log)
<details>
<summary>Nextcloud log</summary>

```
{"reqId":"jN8gFgi/7VHz4Yy8Ceec","remoteAddr":"52.51.221.25","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-12-19T12:24:22+00:00","method":"POST","url":"/nextcloud/ocs/v1.php/cloud/users","user":"admin","version":"11.0.0.10"}
```

</details>
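
Added example (not part of the original issue and not Nextcloud code): a Python script that scans `data/nextcloud.log` lines in the JSON shape shown above and groups `CSRF check failed` entries on OCS URLs by user, client address, method and path, so an admin can see which API clients are being rejected. The sample lines are constructed, and the function name `csrf_failures` and the `/ocs/` path filter are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample lines, one JSON object per line like the entry in this issue.
SAMPLE_LOG = """\
{"reqId":"a1","remoteAddr":"192.0.2.10","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-12-19T12:24:22+00:00","method":"POST","url":"/nextcloud/ocs/v1.php/cloud/users","user":"admin","version":"11.0.0.10"}
{"reqId":"a2","remoteAddr":"192.0.2.10","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-12-19T12:25:01+00:00","method":"POST","url":"/nextcloud/ocs/v1.php/cloud/users","user":"admin","version":"11.0.0.10"}
{"reqId":"a3","remoteAddr":"192.0.2.44","app":"core","message":"Unrelated debug message","level":0,"time":"2016-12-19T12:26:00+00:00","method":"GET","url":"/nextcloud/index.php/apps/files","user":"bob","version":"11.0.0.10"}
{"reqId":"a9","remoteAddr":
{"reqId":"a4","remoteAddr":"192.0.2.77","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-12-19T12:30:00+00:00","method":"GET","url":"/nextcloud/ocs/v1.php/cloud/users?search=x","user":"svc","version":"11.0.0.10"}
"""


def csrf_failures(lines, path_marker="/ocs/"):
    """Return (Counter keyed by (user, remoteAddr, method, path), skipped_lines).

    Only entries whose message is exactly "CSRF check failed" and whose URL
    contains path_marker are counted. The entry in this issue was written at
    level 0 on an instance with "loglevel": 0, so this assumes debug logging.
    """
    counts = Counter()
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated or non-JSON line, e.g. a partial write
            continue
        if not isinstance(entry, dict):
            skipped += 1
            continue
        if entry.get("message") != "CSRF check failed":
            continue
        url = str(entry.get("url", ""))
        if path_marker not in url:
            continue
        path = url.split("?", 1)[0]  # drop the query string so calls group together
        counts[(entry.get("user"), entry.get("remoteAddr"), entry.get("method"), path)] += 1
    return counts, skipped


if __name__ == "__main__":
    found, bad = csrf_failures(SAMPLE_LOG.splitlines())
    for (user, addr, method, path), n in found.most_common():
        print(f"{n:3d}  user={user}  from={addr}  {method} {path}")
    print(f"skipped {bad} unparseable line(s)")
```

To run it against a real log, pass an open file object for `data/nextcloud.log` instead of `SAMPLE_LOG.splitlines()`.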
