summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-06-09 14:16:35 +0200
committerAleksander Machniak <alec@alec.pl>2014-06-09 14:16:35 +0200
commitba5c53e5c3894bcbbc33dfd3271583e44c35de25 (patch)
treeadb5d36645ad1aa1c8a74b41e5bde31ad6aabef4
parent20ac879b4b346cc6ebb73ad65dcd762fb68a9a5d (diff)
Send X-UA-Compatible as HTTP header instead of meta tag
-rw-r--r--index.php1
-rw-r--r--program/lib/Roundcube/rcube_output.php36
-rw-r--r--skins/classic/includes/links.html1
-rw-r--r--skins/larry/includes/links.html1
4 files changed, 20 insertions, 19 deletions
diff --git a/index.php b/index.php
index 3674db1d7..ae5df4000 100644
--- a/index.php
+++ b/index.php
@@ -44,6 +44,7 @@ $RCMAIL = rcmail::get_instance($GLOBALS['env']);
// Make the whole PHP output non-cacheable (#1487797)
$RCMAIL->output->nocacheing_headers();
+$RCMAIL->output->common_headers();
// turn on output buffering
ob_start();
diff --git a/program/lib/Roundcube/rcube_output.php b/program/lib/Roundcube/rcube_output.php
index 1907645b0..55a38b240 100644
--- a/program/lib/Roundcube/rcube_output.php
+++ b/program/lib/Roundcube/rcube_output.php
@@ -44,7 +44,6 @@ abstract class rcube_output
$this->browser = new rcube_browser();
}
-
/**
* Magic getter
*/
@@ -60,7 +59,6 @@ abstract class rcube_output
return null;
}
-
/**
* Setter for output charset.
* To be specified in a meta tag and sent as http-header
@@ -72,7 +70,6 @@ abstract class rcube_output
$this->charset = $charset;
}
-
/**
* Getter for output charset
*
@@ -83,7 +80,6 @@ abstract class rcube_output
return $this->charset;
}
-
/**
* Set environment variable
*
@@ -95,7 +91,6 @@ abstract class rcube_output
$this->env[$name] = $value;
}
-
/**
* Environment variable getter.
*
@@ -108,7 +103,6 @@ abstract class rcube_output
return $this->env[$name];
}
-
/**
* Delete all stored env variables and commands
*/
@@ -117,7 +111,6 @@ abstract class rcube_output
$this->env = array();
}
-
/**
* Invoke display_message command
*
@@ -129,7 +122,6 @@ abstract class rcube_output
*/
abstract function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0);
-
/**
* Redirect to a certain url.
*
@@ -138,13 +130,11 @@ abstract class rcube_output
*/
abstract function redirect($p = array(), $delay = 1);
-
/**
* Send output to the client.
*/
abstract function send();
-
/**
* Send HTTP headers to prevent caching a page
*/
@@ -157,9 +147,6 @@ abstract class rcube_output
header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
- // Request browser to disable DNS prefetching (CVE-2010-0464)
- header("X-DNS-Prefetch-Control: off");
-
// We need to set the following headers to make downloads work using IE in HTTPS mode.
if ($this->browser->ie && rcube_utils::https_check()) {
header('Pragma: private');
@@ -178,14 +165,32 @@ abstract class rcube_output
*/
public function future_expire_header($offset = 2600000)
{
- if (headers_sent())
+ if (headers_sent()) {
return;
+ }
header("Expires: " . gmdate("D, d M Y H:i:s", time()+$offset) . " GMT");
header("Cache-Control: max-age=$offset");
header("Pragma: ");
}
+ /**
+ * Send browser compatibility/security/etc. headers
+ */
+ public function common_headers()
+ {
+ if (headers_sent()) {
+ return;
+ }
+
+ // Unlock IE compatibility mode
+ if ($this->browser->ie) {
+ header('X-UA-Compatible: IE=edge');
+ }
+
+ // Request browser to disable DNS prefetching (CVE-2010-0464)
+ header("X-DNS-Prefetch-Control: off");
+ }
/**
* Show error page and terminate script execution
@@ -200,7 +205,6 @@ abstract class rcube_output
exit(-1);
}
-
/**
* Create an edit field for inclusion on a form
*
@@ -253,7 +257,6 @@ abstract class rcube_output
return $out;
}
-
/**
* Convert a variable into a javascript object notation
*
@@ -269,5 +272,4 @@ abstract class rcube_output
// that's why we have @ here
return @json_encode($input);
}
-
}
diff --git a/skins/classic/includes/links.html b/skins/classic/includes/links.html
index 2f6ef0119..8ff57c229 100644
--- a/skins/classic/includes/links.html
+++ b/skins/classic/includes/links.html
@@ -1,4 +1,3 @@
-<meta http-equiv="X-UA-Compatible" content="IE=EDGE" />
<link rel="index" href="$__comm_path" />
<link rel="shortcut icon" href="/images/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/common.css" />
diff --git a/skins/larry/includes/links.html b/skins/larry/includes/links.html
index ce9863a6c..a49e58826 100644
--- a/skins/larry/includes/links.html
+++ b/skins/larry/includes/links.html
@@ -1,4 +1,3 @@
-<meta http-equiv="X-UA-Compatible" content="IE=EDGE" />
<meta name="viewport" content="" id="viewport" />
<link rel="shortcut icon" href="/images/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/styles.css" />