Use global request tokens and automatically protect all POST requests

git-svn-id: https://svn.roundcube.net/trunk@2778 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2009-07-21 16:02:33 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2009-07-21 16:02:33 +0000
commit: 06a746b43a418a501e67b47242499a1acd2ba848 (patch)
tree: 8784a3591ac99529265558853d975d30967156b9 /roundcubemail/program/js
parent: de9304fe9b1c3fce460ca79395becefa382ba134 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/roundcubemail/program/js/app.js b/roundcubemail/program/js/app.js
index 332ee877c..4ce354665 100644
--- a/roundcubemail/program/js/app.js
+++ b/roundcubemail/program/js/app.js
@@ -55,7 +55,7 @@ function rcube_webmail()
   // set jQuery ajax options
   jQuery.ajaxSetup({ cache:false,
     error:function(request, status, err){ ref.http_error(request, status, err); },
-    beforeSend:function(xmlhttp){ xmlhttp.setRequestHeader('X-RoundCube-Referer', bw.get_cookie('roundcube_sessid')); }
+    beforeSend:function(xmlhttp){ xmlhttp.setRequestHeader('X-RoundCube-Request', ref.env.request_token); }
   });
 
   // set environment variable(s)
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2009-07-21 16:02:33 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2009-07-21 16:02:33 +0000
commit	06a746b43a418a501e67b47242499a1acd2ba848 (patch)
tree	8784a3591ac99529265558853d975d30967156b9 /roundcubemail/program/js
parent	de9304fe9b1c3fce460ca79395becefa382ba134 (diff)