docs: add notice regarding the HttpOnly flag and XSRF

Fixes #5342
pull/299/head
Francis Lachapelle 2021-07-05 11:33:07 -04:00
parent db46b4ae09
commit f8f4de6020
1 changed files with 4 additions and 2 deletions

@ -774,7 +774,9 @@ any requests being made. Default value is 0, or disabled
must be set to a value equal or higher than _SOGoRequestBlockInterval_.
|S |SOGoXSRFValidationEnabled
|Parameter used to enable or not XSRF (also known as CSRF) protection in SOGo.
|Parameter used to enable or not XSRF (Cross-site request forgery, also known as CSRF) protection in
SOGo. Make sure your Web server configuration *doesn't* add the `HttpOnly` flag to the `Set-Cookie`
header as the CSRF token cookie is intended to be read by the JavaScript by design.
Default value is `YES`, or enabled.
|D |SOGoUserSources
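Review bot: the added sentence under SOGoXSRFValidationEnabled ("Make sure your Web server configuration *doesn't* add the `HttpOnly` flag to the `Set-Cookie` header") is not scoped to the CSRF token cookie, so it can be read as an instruction to keep HttpOnly off every cookie the server sets. Suggest naming the token cookie and stating that only that cookie has to stay readable by JavaScript, so an administrator whose Web server appends the flag to all cookies can exempt just that one. The sentence also moves from "XSRF" to "CSRF token cookie"; using one term after the parenthetical expansion would read more cleanly, and "read by the JavaScript by design" could become "read by the client-side JavaScript".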
@ -1053,7 +1055,7 @@ URLs examples:
* `ldaps://127.0.0.1`
* `ldap://127.0.0.1/????!StartTLS`
|port(deprecated)
|port (deprecated)
|Port number of the LDAP server.
A non-default port should be part of the ldap URL in the hostname
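Review bot: the `port (deprecated)` entry tells readers that a non-default port belongs in the LDAP URL, but the URL examples visible just above it (`ldaps://127.0.0.1`, `ldap://127.0.0.1/????!StartTLS`) show none with a port. Unless one already exists above the visible context, suggest adding an example with an explicit port to that list so the deprecation points at a concrete replacement. The spacing fix is also unrelated to the XSRF notice in the commit subject; a separate commit would keep the history easier to follow.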