Can't save/send HTML emails

[mdesign83]

Name: Afterlogic WebMail Lite PHP Version: 9.6.0.build16-build-a3

I can't save/send drafts created by Afterlogic WebMail Lite PHP. But I can edit/save drafts which are created outside of Afterlogic WebMail Lite PHP, and it's not a HTML email.

Steps to reproduce:

POST /?/Api/
Module="Mail"
Method="SaveMessage"
Parameters="{\"AccountID\":1,\"IdentityID\":100000,\"AliasID\":\"\",\"FetcherID\":\"\",\"DraftInfo\":[],\"DraftUid\":\"36\",\"To\":\"\",\"Cc\":\"\",\"Bcc\":\"\",\"Subject\":\"\",\"Text\":\"<div+data-crea=\\\"font-wrapper\\\"+style=\\\"font-family:+Tahoma,+sans-serif;+font-size:+16px;+direction:+ltr\\\"><div+data-x-div-type=\\\"html\\\"><div+data-x-div-type=\\\"body\\\">test<br></div></div></div>\",\"IsHtml\":true,\"Importance\":3,\"SendReadingConfirmation\":false,\"Attachments\":{},\"InReplyTo\":\"\",\"References\":\"\",\"Sensitivity\":0,\"Method\":\"SaveMessage\",\"ShowReport\":true,\"DraftFolder\":\"INBOX.Drafts\"}"
TenantName="Default"

Returns: HTTP 403 Forbidden

If I change the Text parameter to simple string, then it's working. (strange thing, that I don't have to set IsHtml to false)

POST /?/Api/
Module="Mail"
Method="SaveMessage"
Parameters="{\"AccountID\":1,\"IdentityID\":100000,\"AliasID\":\"\",\"FetcherID\":\"\",\"DraftInfo\":[],\"DraftUid\":\"36\",\"To\":\"\",\"Cc\":\"\",\"Bcc\":\"\",\"Subject\":\"\",\"Text\":\"test\",\"IsHtml\":true,\"Importance\":3,\"SendReadingConfirmation\":false,\"Attachments\":{},\"InReplyTo\":\"\",\"References\":\"\",\"Sensitivity\":0,\"Method\":\"SaveMessage\",\"ShowReport\":true,\"DraftFolder\":\"INBOX.Drafts\"}"
TenantName="Default"

Returns: HTTP 200 OK

[afterlogic-support]

Can you check the error logs of webserver/PHP and locate the actual error that causes the "HTTP 403 Forbidden" message? Assuming there is one, that is.

Also, is my understanding correct that the issue only occurs when API is used? Does this happen if you use WebMail interface directly?

[mdesign83]

There is no error in the error logs. I assume 403 is returned by the design/code. Issue occurs every time when the webmail interface is used. The working sample api request is just made on Firefox dev console with duplicating a failing request, changing the Text parameter from html content to simple text content. That is always enough to make it work. Nothing else changed. I assume the issue is with the Text parameter. Whether on client side or server side, I don't know yet. Where can I get the working files from lite.afterlogic.com site? I would give it a try. It's version is 9.6.1 207. Mine is 9.6.0 163.

[afterlogic-support]

There is no error in the error logs. I assume 403 is returned by the design/code. Issue occurs every time when the webmail interface is used.

I'm wondering if you access WebMail over http or https - if it's http, can you try with https and see if the issue persists?

Where can I get the working files from lite.afterlogic.com site? I would give it a try. It's version is 9.6.1 207. Mine is 9.6.0 163.

Currently, Live Demo shows the upcoming release, version 9.6.1 isn't available yet, we plan to release it shortly.

[mdesign83]

Mea Culpa. The error was generated by ModSecurity. It caught the SaveMessage and GetContacts API call somehow and the request never hit the PHP. Anyway, thank you for the quick support!