On Wed, Sep 10, 2014 at 11:23 AM, Ed W <[email protected]> wrote:
> Hi, I recently ran into a problem which I'm documenting here in the hope it
> saves others some time (possibly also RC devs could be aware and consider
> logging a warning)
>
> The symptoms are that roundcube mostly works, but hangs with a
> Saving/Sending message at the bottom of the screen if you try and save/send.
> The browser is "frozen", in that you cannot click on other items on the
> page, and it's necessary to close the browser tab or do a full page reload
> to escape.
>
> The resolution was to remove security headers from my default nginx config:
>
>                 #add_header X-Frame-Options DENY;
>                 #add_header X-Content-Type-Options nosniff;
>
> I presume that the iframe option interferes with save/send process, hence
> why it breaks.  I think it's not unreasonable, however, just documenting the
> problem here since it's a common option shown as a good default for a
> tightly secured webserver setup.

Thanks for sharing this. There's some basic documentation about
webserver config in our wiki:
http://trac.roundcube.net/wiki/Howto_Config/Webservers Feel free to
update that page.

FWIW: Roundcube itself sets the X-Frame-Options headers according to
config: 
https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L395

~Thomas
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
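
An added example (not from the thread or the Roundcube project): a Python check of how a browser combines `X-Frame-Options` values when a proxy's `add_header` and the application each send one, following the HTML Standard's rule that conflicting values block the frame. The header lists are constructed samples, and the application sending `sameorigin` for frames it loads from its own origin is an assumption.

```python
# Valid X-Frame-Options tokens recognised by the HTML Standard's check.
KNOWN = {"deny", "sameorigin", "allowall"}


def xfo_values(headers):
    """Collect the distinct X-Frame-Options tokens across all header lines."""
    values = set()
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            values.update(t.strip().lower() for t in value.split(",") if t.strip())
    return values


def frame_allowed(headers, parent_same_origin=True):
    """Return True if the response may be rendered inside a frame."""
    values = xfo_values(headers)
    if len(values) > 1:
        # Several distinct values: blocked if any of them is a valid token,
        # ignored only when every value is invalid.
        return not (values & KNOWN)
    if "deny" in values:
        return False
    if "sameorigin" in values:
        return parent_same_origin
    return True  # no header, "allowall", or a single invalid value


def diagnose(headers):
    """One-line summary suitable for a config review or a CI check."""
    values = xfo_values(headers)
    if len(values) > 1 and values & KNOWN:
        return "conflict: " + ", ".join(sorted(values))
    return "ok: " + (", ".join(sorted(values)) or "no X-Frame-Options")


# Constructed samples: what the application sends by itself, and the same
# response after a proxy appends its own header line on top.
APP_ONLY = [("Content-Type", "text/html"), ("X-Frame-Options", "sameorigin")]
PROXY_DENY_PLUS_APP = APP_ONLY + [("X-Frame-Options", "DENY")]
PROXY_SAME_PLUS_APP = APP_ONLY + [("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    for label, hdrs in [("app only", APP_ONLY),
                        ("proxy DENY + app", PROXY_DENY_PLUS_APP),
                        ("proxy SAMEORIGIN + app", PROXY_SAME_PLUS_APP)]:
        print(f"{label:24} same-origin frame allowed={frame_allowed(hdrs)}"
              f"  [{diagnose(hdrs)}]")
```

A proxy-level `DENY` blocks same-origin frames whether or not the application also sends its own header; setting the policy in one place only avoids the duplicate header lines.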
