Riseup webmail with TOR

Ingis wrote...
when I use riseup webmail with TOR, it works well. But the problem is when I disconnect from riseup webmail. I arrive at this adress : http://zsolxunfmbfuq7wf.onion/rc/?_task=logout
And with this error message :
For your protection, access to this resource is secured against CSRF.
If you see this, you probably didn't log out before leaving the web application.

Human interaction is now required to continue.

Please contact your server-administrator.

If I came back to the webmail adress, I'm not disconnected. What hapened ? What is the solution ?
Upvote | 1
Cyanolyca turcosa ecua4944
Urraca De Cuello Negro replied...

We didn't know about this problem, and yes, there is an important issue here. I'm taking a note to discuss which options we have to fix it, any news I have i will update this ticket
Upvote | 0
Crossbill replied...

I can only replicate this problem when I have tor browser's security settings set to Medium or High. Are you using Tor Browser and what are your Security settings set to?

Its a bit curious because on Medium, Javascript is restricted and I cannot even view any of my emails in roundcube, the entire site is not really functional at that level.
Upvote | 0
Crossbill replied...
Actually, now that I think a little more - the reason this happens is because Torbrowser's Medium security setting disables javascript on sites that are not using https, which is the case for an onion address. There is a bug for this in tor's issue tracker to not disable JS for sites that are loaded over onions (https://trac.torproject.org/projects/tor/ticket/21004) - but until that is fixed, I'd suggest you lower your security settings if you are going to use webmail to check your mail over .onion.
Upvote | 0