From a77cf2292b1b5e010172b572f618aef78795456b Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 08 Feb 2011 03:13:06 -0500
Subject: [PATCH] Add optional referer check to prevent CSRF in GET requests

---
 config/main.inc.php.dist |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 7dfca7a..36c5277 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -212,6 +212,9 @@
 // check client IP in session athorization
 $rcmail_config['ip_check'] = false;
 
+// check referer of incoming requests
+$rcmail_config['referer_check'] = false;
+
 // this key is used to encrypt the users imap password which is stored
 // in the session record (and the client cookie if remember password is enabled).
 // please provide a string of exactly 24 chars.
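Review bot: The comment added above `$rcmail_config['referer_check'] = false;` does not say what the check defends against or that it ships disabled, so an administrator reading the config has no basis for deciding whether to enable it. I would spell it out, e.g. `// check the Referer header of incoming requests (mitigates CSRF on GET requests); disabled by default`. The enforcement code is not part of this hunk, so how a missing or stripped Referer header is handled cannot be confirmed from here. If such requests are rejected, the comment should warn that clients or proxies which suppress the header will be locked out. If they are accepted, it should say the option only supplements token-based CSRF protection and does not replace it.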

--
Gitblit v1.9.1