Comment 1 for bug 1651938

Alberto Mardegan (mardy) wrote :

Hi Slash, thanks for reporting this bug. As I understand from your logs, it's not even possible to create a Nextcloud account; can you please confirm this?

Anyway, this looks like a bug in the Nextcloud server implementation: CSRF is not something that normally affects REST APIs, which are stateless by definition. When registering the account, we are passing username and password with every function call.

Please file a bug against Nextcloud, and write here the link to the report, so that I can comment in case they ask for more information.

For the record, the API we are using when verifying whether the account is valid is /ocs/v1.php/person/check, which is documented here:
https://www.freedesktop.org/wiki/Specifications/open-collaboration-services/#index4h4

I think they forced the CSRF check on all APIs, including the public REST APIs, by mistake.
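
The distinction drawn in the comment above, as an added example that is not part of the original comment or of Nextcloud's code: a handler that demands a CSRF token only when a request is authenticated by a session cookie, not when the caller sends its credentials on the call itself. The request model, the `login`/`password` form fields, the `x-csrf-token` header, the status codes and the sample data are assumptions made for the illustration.

```python
# Added illustration: the request model, field names and stores below are
# hypothetical and constructed for this example.
import hmac
from dataclasses import dataclass, field

USERS = {"alice": "correct horse"}                        # constructed sample data
SESSIONS = {"sid-1": {"user": "alice", "csrf": "tok-1"}}  # constructed sample data
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

@dataclass
class Request:
    method: str
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(req):
    """Return (user, source); source is 'explicit', 'session' or None."""
    login, password = req.form.get("login"), req.form.get("password")
    if login is not None and password is not None:
        # Credentials supplied on the call itself: any session cookie is ignored.
        expected = USERS.get(login)
        if expected is not None and same(expected, password):
            return login, "explicit"
        return None, None
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session:
        return session["user"], "session"
    return None, None

def handle(req):
    """Return an HTTP-style status code for the request."""
    user, source = authenticate(req)
    if user is None:
        return 401
    # A browser attaches the session cookie on its own, so only
    # cookie-authenticated, state-changing requests can be forged cross-site.
    if source == "session" and req.method not in SAFE_METHODS:
        token = SESSIONS[req.cookies["session"]]["csrf"]
        if not same(req.headers.get("x-csrf-token", ""), token):
            return 403
    return 200
```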