From f1cddb5bd11f8698f754faf9115dfa55a5dc5822 Mon Sep 17 00:00:00 2001
From: downtownallday
Date: Tue, 28 Jun 2022 07:43:11 -0400
Subject: [PATCH] Tighten roundcube session config
---
 setup/webmail.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/setup/webmail.sh b/setup/webmail.sh
index dd28b47f..4214252f 100755
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -173,6 +173,12 @@ cat > $RCM_CONFIG <
 '(|(objectClass=mailGroup)(objectClass=mailUser))', # ) );
+
+/* ensure roudcube session id's aren't leaked to other parts of the server */
+\$config['session_path'] = '/mail/';
+
+/* prevent CSRF, requires php 7.3+ */
+\$config['session_samesite'] = 'Strict';
 ?>
 EOF
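Review bot: The comment above the new `session_path` line overstates what a cookie `Path` attribute provides: per RFC 6265 path scoping is not a security boundary (script served from another path on the same host can still read and overwrite the cookie), so this keeps the session id out of requests to other locations but does not isolate it from them, and the comment also misspells the product as `roudcube`. Suggest `/* scope the session cookie to the webmail location; cookie path is hygiene, not an isolation boundary (RFC 6265) */`. On the `session_samesite` line, `'Strict'` means a top-level navigation arriving from another site (a link in a notification mail, for example) carries no session cookie and lands on the login page, which is presumably the accepted trade-off here; if that is unintended, `'Lax'` still blocks cross-site POSTs. The heredoc that this hunk appends to starts outside the hunk, so the `\$config` escaping is assumed to match the surrounding unquoted-delimiter convention.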