davcal is unmaintained, no further fixes will be implemented from my side.

Finally, this should be fixed in rDAVCALe4bc2b1c0d4a53495d69bc0e916c5e70b3941ea2. Feel free to reopen if it doesn't work as intended.

OK. Thank you for your analysis. I will try it. Many thanks.

Thanks - DokuWiki thinks the request is a CSRF attack. The reason is that some requests are performed to your uppercase URL and some to your lowercase URL. I suppose that IIS invokes separate PHP instances for the different URLs and thus the security tokens do not match.

Then we need to go the more complicated route and I have to ask for more details:

Unfortunately, that's not possible. We are using DokuWiki in our Intranet. Access from outside isn't possible.

OK, then my theory is probably wrong :(

Sorry, I've forgotten to write that we are using IIS. You are right, DokuWiki and dokuwiki are separate folders – on UNIX systems. But using IIS on Windows Server, both names refer to the same directory. Therefore, we are able to use both styles. It works with all pages except pages using davcal.

Short answer: dokuwiki and DokuWiki are - usually - two separate folders and you should *never* mix them.

Thanks for the patch, I'll review and apply it as soon as possible (there is another patch pending that arrived via E-Mail that needs some work as well).

OK - it sounds feasible and would need to be done entirely in JavaScript. Unfortunately, at the moment, I don't really have the time to work on this.
If you want to give it a try, I'd be happy to give you some guidance. If not, it's going to take a while, I'm afraid.

Yes, this is exactly what I meant.

Could you be a bit more specific with what you mean? What exactly should the setting prevent/disable/disallow?

Thanks for the report. I do not use Google calendar, so I never had the necessity to implement it (I only sync against Nextcloud).