diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-02-08 08:13:06 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-02-08 08:13:06 +0000 |
| commit | 7c95446d869d392f330f93cda8de91941c99d75b (patch) | |
| tree | cbf75f0f720600e5a51269f8fed3f56635ee6e3c /roundcubemail/config | |
| parent | 3b73335cc73cda7f827e49a44950f886ba38a16b (diff) | |
Add optional referer check to prevent CSRF in GET requests
git-svn-id: https://svn.roundcube.net/trunk@4503 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/config')
| -rw-r--r-- | roundcubemail/config/main.inc.php.dist | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/roundcubemail/config/main.inc.php.dist b/roundcubemail/config/main.inc.php.dist index 7dfca7afb..36c52775a 100644 --- a/roundcubemail/config/main.inc.php.dist +++ b/roundcubemail/config/main.inc.php.dist @@ -212,6 +212,9 @@ $rcmail_config['session_domain'] = ''; // check client IP in session athorization $rcmail_config['ip_check'] = false; +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. |
