(doc) documented XSRF support and disabled per default for now

Documentation/SOGoInstallationGuide.asciidoc

@@ -735,6 +735,10 @@ any requests being made. Default value is 0, or disabled
 |Number of seconds, defaults to 300 (or 5 minutes). Note that _SOGoCacheCleanupInterval_
 must be set to a value equal or higher than _SOGoRequestBlockInterval_.
 
+|D |SOGoXSRFValidationEnabled
+|Parameter used to enable or not XSRF (also known as CSRF) protection in SOGo.
+Default value is `NO`, or disabled.
+
 |=======================================================================
 
 Authentication using LDAP

Scripts/sogo.conf

@@ -108,6 +108,7 @@
   //SOGoSieveScriptsEnabled = YES;
   //SOGoMailAuxiliaryUserAccountsEnabled = YES;
   //SOGoTrustProxyAuthentication = NO;
+  //SOGoXSRFValidationEnabled = YES;
 
   /* General */
   //SOGoLanguage = English;

SoObjects/SOGo/SOGoDefaults.plist

@@ -6,6 +6,7 @@
     WOPidFile = "/var/run/sogo/sogo.pid";
     WOHTTPAdaptorCapitalizeHeaders = YES;
     WOPort = "127.0.0.1:20000";
+    SOGoXSRFValidationEnabled = NO;
 
     NGImap4ConnectionStringSeparator = "/";
     NGImap4ConnectionGroupIdPrefix = "$";