Hi You were introducing (better) CSRF protection in RC 0.5.1. In RC 0.5 we were able to provide our own custom login forms (on a different domain) for Roundcube. In 0.5.1 those forms no longer work, probably due to the missing "_token" POST request param. We're getting redirected to the login form right after submitting the login credentials.
We provide both "_user" and "_pass" input fields but are not able to provide the hidden "_token" field as this token gets generated by RC. Example login form that works perfectly under RC 0.5: https://my.onlime.ch/index/webmail Is there any workaround for this in RC 0.5.1? I couldn't find any hints about custom login forms in your Wiki. Thanks! Regards, Philip _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
