From a77cf2292b1b5e010172b572f618aef78795456b Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 8 Feb 2011 08:13:06 +0000
Subject: Add optional referer check to prevent CSRF in GET requests

---
 config/main.inc.php.dist | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'config')

diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 7dfca7afb..36c52775a 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -212,6 +212,9 @@ $rcmail_config['session_domain'] = '';
 // check client IP in session athorization
 $rcmail_config['ip_check'] = false;
 
+// check referer of incoming requests
+$rcmail_config['referer_check'] = false;
+
 // this key is used to encrypt the users imap password which is stored
 // in the session record (and the client cookie if remember password is enabled).
 // please provide a string of exactly 24 chars.
-- 
cgit v1.2.3