CSRF protection

2017-05-15 11:37:12 +02:00
parent fccdabb113
commit e91c6916ab
6 changed files with 37 additions and 23 deletions
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -172,6 +172,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 <?php
 $lang_mailbox = json_encode($lang['mailbox']);
 echo "var lang = ". $lang_mailbox . ";\n";
+echo "var csrf_token = '". $_SESSION['CSRF']['TOKEN'] . "';\n";
 $role = ($_SESSION['mailcow_cc_role'] == "admin") ? 'admin' : 'domainadmin';
 echo "var role = '". $role . "';\n";
 echo "var pagination_size = '". $PAGINATION_SIZE . "';\n";