summaryrefslogtreecommitdiff
path: root/roundcubemail/config
diff options
context:
space:
mode:
authorthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2011-02-08 08:13:06 +0000
committerthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2011-02-08 08:13:06 +0000
commit7c95446d869d392f330f93cda8de91941c99d75b (patch)
treecbf75f0f720600e5a51269f8fed3f56635ee6e3c /roundcubemail/config
parent3b73335cc73cda7f827e49a44950f886ba38a16b (diff)
Add optional referer check to prevent CSRF in GET requests
git-svn-id: https://svn.roundcube.net/trunk@4503 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/config')
-rw-r--r--roundcubemail/config/main.inc.php.dist3
1 files changed, 3 insertions, 0 deletions
diff --git a/roundcubemail/config/main.inc.php.dist b/roundcubemail/config/main.inc.php.dist
index 7dfca7afb..36c52775a 100644
--- a/roundcubemail/config/main.inc.php.dist
+++ b/roundcubemail/config/main.inc.php.dist
@@ -212,6 +212,9 @@ $rcmail_config['session_domain'] = '';
// check client IP in session athorization
$rcmail_config['ip_check'] = false;
+// check referer of incoming requests
+$rcmail_config['referer_check'] = false;
+
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.