diff options
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -223,7 +223,7 @@ else { // check client X-header to verify request origin if ($OUTPUT->ajax_call) { - if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) { + if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) { header('HTTP/1.1 403 Forbidden'); die("Invalid Request"); } |