Opening pictures fails with CSRF error (wrong requesttoken send)

[SystemKeeper]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

---

Steps to reproduce

1. ? Wait for some time (probably until the request token changed)
2. Open an image in chat

Expected behaviour

Image is opened successfully

Actual behaviour

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>CSRF check not passed.</s:message>
</d:error>

When investigating the PROPFIND request to get the image, the requesttoken is not the correct one

Talk app

Talk app version: 19.0.2 (seen on c.nc.c)

Browser

Operating system: MacOS

Browser name: Safari

Browser version: 17.5

Browser log

CC @Antreesy: Since we talked about that recently.

[SystemKeeper]

Hm, could be that the viewer is the issue here, judging from:

https://github.com/nextcloud/viewer/blob/0d76e639a00c89d20f92cac5b84e9327d6e52516/src/services/WebdavClient.ts#L27-L32

This sounds very similar to the issue we fixed in #10877.

[SystemKeeper]

Fix in nextcloud/viewer#2339