external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-18 02:32:09 +00:00
Code Issues Releases Wiki Activity

Tighten roundcube session config

Browse Source
This commit is contained in:
downtownallday 2022-06-28 07:46:24 -04:00
parent a6ae0e6da1
commit 800924a213
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
setup/webmail.sh
View File

@ -141,6 +141,10 @@ cat > $RCM_CONFIG <<EOF;
\$config['login_username_filter'] = 'email'; \$config['login_username_filter'] = 'email';
\$config['password_charset'] = 'UTF-8'; \$config['password_charset'] = 'UTF-8';
\$config['junk_mbox'] = 'Spam'; \$config['junk_mbox'] = 'Spam';
/* ensure roudcube session id's aren't leaked to other parts of the server */
\$config['session_path'] = '/mail/';
/* prevent CSRF, requires php 7.3+ */
\$config['session_samesite'] = 'Strict';
?> ?>
EOF EOF