[BUG] Share folder or file results in error

[rMustafaOzdogan]

Actual behaviour

I am trying to share a file but I am getting an error.

It was not possible to share this file or folder because of incorrect server configuration owncloud

android not working

Android version: 12

Device model: samsung m21

Stock or customized system:

ownCloud app version: 4.4.0

ownCloud server version: 10.15.0.2

xxx.xxx.xxx.xxx - xxx@xxx [04/Oct/2024:12:12:14 +0000] "POST /ocs/v2.php/apps/files_sharing/api/v1/shares?format=json HTTP/1.1" 500 1102 "-" "Mozilla/5.0 (Android) ownCloud-android/4.4.0"

[JuancaG05]

Hi @rMustafaOzdogan! Thanks for opening a new issue! 🍻

Following the error message, it seems to be a server-related problem. Did you try from other clients (iOS, desktop, web...) with the same server?

In any case, just in case we translate incorrectly the error, some logs would be very useful for us to locate the problem. For this, just go to Settings > Logging > Enable logging, and check the Log HTTP requests and responses as well. Then reproduce the problem again, and you'll generate some logs. When you have this, tell us and we'll provide a link to upload them securely 😀

[rMustafaOzdogan]

I have obtained the log. I am waiting for the link to upload it.

[rMustafaOzdogan]

@JuancaG05 I am waiting for news from you

[JuancaG05]

Hi @rMustafaOzdogan! Here you have:

https://infinite.owncloud.com/s/BfbmQPVlmDiDVpP Password: qEK1!6#sayN,

This is a "Secret file drop" link. That is, only me will be able to see what you upload here, so that you don't have to worry about privacy issues 👍 Also, did you try from other clients (iOS, desktop, web...) as I suggested?

[rMustafaOzdogan]

I uploaded the log file. Yes, I tried it on other clients. I get an error on mobile applications.

[JuancaG05]

Ok, thanks a lot @rMustafaOzdogan, we'll keep you updated about our findings 👍

[jesmrec]

hi @rMustafaOzdogan . I've taken a look to the logs you sent to us.

Your server is returning an internal error 500 to the requests sent by the mobile devices.

This is the Android response (json style):

{
  "response": {
    "body": {
      "data": "{"ocs":{"meta":{"status":"failure","statuscode":500,"message":"CSRF check failed","totalitems":"","itemsperpage":""},"data":[]}}",
      "length": 128
    }
  }
}

and the iOS response (xml style):

<?xml version="1.0"?>
<ocs>
    <meta>
        <status>failure</status>
        <statuscode>500</statuscode>
        <message>CSRF check failed</message>
        <totalitems></totalitems>
        <itemsperpage></itemsperpage>
    </meta>
    <data/>
</ocs>

CSRF means Cross-Site Request Forgery. This is kind of vulnerability in which the attacker tries to perform an action on behalf of an authenticated user that is not aware of that. Your server is detecting that the mobile clients are "attacking" (they are not really doing that).

Do you have any proxy or something in the middle of mobile and server? any server setup?? Do you have any web session in your server that was opened with a web browser in the device?

This does not seem an issue in the mobile clients. As you are using an oC10 server, you can get some support in the oC10 repository or also, in the open community forum

Anyway, thanks for reaching us.

[jesmrec]

@rMustafaOzdogan i will close this one, since this is not related to mobile clients. If you have any other evidence or something that could be relevant for us, please reopen to resume the discussion.

Thanks a lot.