external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-04 00:17:06 +00:00
Code Issues Releases Wiki Activity

Tighten roundcube session config

Browse Source
This commit is contained in:
downtownallday 2022-06-28 07:43:11 -04:00
parent 8ed4fcd363
commit f1cddb5bd1
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
setup/webmail.sh
View File

@ -173,6 +173,12 @@ cat > $RCM_CONFIG <<EOF;
# 'member_filter' => '(|(objectClass=mailGroup)(objectClass=mailUser))', # 'member_filter' => '(|(objectClass=mailGroup)(objectClass=mailUser))',
# ) # )
); );
/* ensure roudcube session id's aren't leaked to other parts of the server */
\$config['session_path'] = '/mail/';
/* prevent CSRF, requires php 7.3+ */
\$config['session_samesite'] = 'Strict';
?> ?>
EOF EOF