Quoting "Spiro Harvey, Knossos Networks Ltd" <[EMAIL PROTECTED]>:
...because IMP has a [server][token] setting that determines the lifetime of tokens that protect against XSS attacks. Look at the IMP setup page on the 'server' tab.adding these into my imp/conf.php fixed the problem. $conf['server']['cache_folders'] = true; $conf['server']['token_lifetime'] = 1800; $conf['server']['cachejs'] = 'none'; $conf['server']['cachecss'] = 'none'; I have configured my horde install so that the admin stuff is accessible. it's a pain in the neck to display it all again, and given that horde seems to crap its pants when I so much as look at it askew, I find it best to leave well alone. If the token is a new feature, then it should have been mentioned in the upgrade notes. If it's not a new feature, then why did Imp work before without these settings enabled?
Yes, this is a new feature.
I prefer to be able to control Imp (and horde) through the config files directly.
This is asking for trouble. These files are not designed to be fully configured by hand from scratch.
Am I going to be forced to go into the GUI admin with each update just to see what new undocumented features have been added, or is it reasonable to expect a list of these features and config settings in the upgrade notes?
Major additions _are_ mentioned in the upgrade notes, but this is exactly why we display an out-of-date icon next to the setup for applications whose configuration needs to be updated. We provide reasonable default values for newly added settings (in this case, we set it to 1800 seconds by default) - but you are going to need to at least save the new configuration file....not an unreasonable expectation after a major point upgrade.
Thanks, mike -- The Horde Project (www.horde.org) [EMAIL PROTECTED] "Time just hates me. That's why it made me an adult." - Josh Joplin
pgpJIY3vMhC5H.pgp
Description: PGP Digital Signature
-- IMP mailing list - Join the hunt: http://horde.org/bounties/#imp Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: [EMAIL PROTECTED]
