mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-03 00:07:05 +00:00

Move session.cookie_path variable for Roundcube to Nginx config

This preserves the security of the default configuration while allowing greater flexibility for advanced configurations
MrWinux 2025-03-29 15:47:35 +01:00 committed by winux
parent 3efd4257b5
commit dbb9cb7e33
2 changed files with 2 additions and 2 deletions


@ -42,6 +42,8 @@
fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_split_path_info ^/mail(/.*)()$;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
# ensure roudcube session id's aren't leaked to other parts of the server
fastcgi_param PHP_VALUE "session.cookie_path=/mail/";
fastcgi_pass php-fpm; fastcgi_pass php-fpm;
# Outgoing mail also goes through this endpoint, so increase the maximum # Outgoing mail also goes through this endpoint, so increase the maximum
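Review bot: The added `fastcgi_param PHP_VALUE "session.cookie_path=/mail/";` becomes the only thing scoping the Roundcube session cookie, and it may not stay confined to this location. As far as I know, php-fpm keeps ini values passed through `PHP_VALUE` on the worker process for later requests, so if other PHP applications share the `php-fpm` upstream the `/mail/` path could carry over to them; please verify this, or set the value in a pool dedicated to Roundcube. The protection also fails open, since any location or vhost that reaches Roundcube without this line falls back to PHP's default cookie path. I would state that dependency in the comment and fix the "roudcube" typo, e.g. `# Roundcube's session_path is intentionally unset; this keeps its session cookie scoped to /mail/`. The enclosing location block starts and ends outside the hunk.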


@ -141,8 +141,6 @@ cat > $RCM_CONFIG <<EOF;
\$config['login_username_filter'] = 'email'; \$config['login_username_filter'] = 'email';
\$config['password_charset'] = 'UTF-8'; \$config['password_charset'] = 'UTF-8';
\$config['junk_mbox'] = 'Spam'; \$config['junk_mbox'] = 'Spam';
/* ensure roudcube session id's aren't leaked to other parts of the server */
\$config['session_path'] = '/mail/';
/* prevent CSRF, requires php 7.3+ */ /* prevent CSRF, requires php 7.3+ */
\$config['session_samesite'] = 'Strict'; \$config['session_samesite'] = 'Strict';
\$config['quota_zero_as_unlimited'] = true; \$config['quota_zero_as_unlimited'] = true;