From 789398bd271d21b6a1e34b8f7beaab38fe126274 Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Tue, 19 Sep 2017 09:44:37 -0400
Subject: [PATCH] (web) Fix XSRF cookie path when changing password

Fixes #4139
---
 NEWS | 1 +
 UI/MainUI/SOGoRootPage.m | 1 +
 2 files changed, 2 insertions(+)

diff --git a/NEWS b/NEWS
index 334842afc..3164e3b33 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ Bug fixes
 - [web] messages list not accessible when changing mailbox in expanded mail view (#4269)
 - [web] only one postal address of same type is saved (#4091)
 - [web] improve handling of email notifications of a calendar properties
+ - [web] fixed XSRF cookie path when changing password (#4139)
 - [eas] hebrew folders encoding problem using EAS (#4240)
 
 3.2.10 (2017-07-05)
diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m
index a31839864..668383a09 100644
--- a/UI/MainUI/SOGoRootPage.m
+++ b/UI/MainUI/SOGoRootPage.m
@@ -623,6 +623,7 @@
 creds = [auth parseCredentials: [authCookie value]];
 xsrfCookie = [WOCookie cookieWithName: @"XSRF-TOKEN"
 value: [[SOGoSession valueForSessionKey: [creds lastObject]] asSHA1String]];
+ [xsrfCookie setPath: [NSString stringWithFormat: @"/%@/", [request applicationName]]];
 [response addCookie: xsrfCookie];
 }
 else
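Review bot: The added `setPath:` line in `UI/MainUI/SOGoRootPage.m` hard-codes the `/<applicationName>/` format with no comment saying which other cookie it has to match, so the fix can silently regress. Judging by the commit title, the token issued after a password change was scoped to a different path than the one presumably set at login (that code is outside this hunk), which would leave the browser holding two `XSRF-TOKEN` cookies and possibly echoing back the stale one. I would add `// Must equal the path of the XSRF-TOKEN cookie set at login, otherwise the browser keeps both and may send the stale token` above the line, and have both places build the path through one shared helper. The enclosing method starts and ends outside the hunk, so whether the cookie is also marked secure on HTTPS deployments cannot be checked from here.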