(web) Fix XSRF cookie path when changing password

Fixes #4139
Alinto · Sep 19, 2017 · 789398b · 789398b
1 parent 391410a
commit 789398b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/NEWS b/NEWS
@@ -20,6 +20,7 @@ Bug fixes
  - [web] messages list not accessible when changing mailbox in expanded mail view (#4269)
  - [web] only one postal address of same type is saved (#4091)
  - [web] improve handling of email notifications of a calendar properties
+ - [web] fixed XSRF cookie path when changing password (#4139)
  - [eas] hebrew folders encoding problem using EAS (#4240)
 
 3.2.10 (2017-07-05)

diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m
@@ -623,6 +623,7 @@ - (WOResponse *) changePasswordAction
       creds = [auth parseCredentials: [authCookie value]];
       xsrfCookie = [WOCookie cookieWithName: @"XSRF-TOKEN"
                                       value: [[SOGoSession valueForSessionKey: [creds lastObject]] asSHA1String]];
+      [xsrfCookie setPath: [NSString stringWithFormat: @"/%@/", [request applicationName]]];
       [response addCookie: xsrfCookie];
     }
   else