authorthomascube <thomas@roundcube.net>2011-02-08 08:13:06 +0000
committerthomascube <thomas@roundcube.net>2011-02-08 08:13:06 +0000
commita77cf2292b1b5e010172b572f618aef78795456b (patch)
treed9fbb4dcfd86852db6528d977838d983bffdda1f /config
parent61846d1ad3b0f40ac90e12f8dcd1ac9a95ebd296 (diff)
Add optional referer check to prevent CSRF in GET requests
Diffstat (limited to 'config')
-rw-r--r--config/main.inc.php.dist3
1 files changed, 3 insertions, 0 deletions
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 7dfca7afb..36c52775a 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -212,6 +212,9 @@ $rcmail_config['session_domain'] = '';
// check client IP in session athorization
$rcmail_config['ip_check'] = false;
+// check referer of incoming requests
+$rcmail_config['referer_check'] = false;
+
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
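Review bot: The comment added above `$rcmail_config['referer_check']` does not say what the check defends against or what enabling it costs, so an administrator reading the shipped config has no basis for deciding whether to turn it on. Going by the commit title, it is a CSRF mitigation for GET requests that ships disabled; I would write `// check the Referer header of incoming requests to mitigate CSRF in GET requests.` followed by `// disabled by default; clients or proxies that strip the Referer header may be affected when enabled.` How the check treats a missing or empty Referer is not visible in this hunk, so the second line should be confirmed against the implementation before it is committed. Since the header is frequently absent for privacy reasons, the comment could also state that this is an additional layer and not the only CSRF defence.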