summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2009-07-02 06:38:26 +0000
committerthomascube <thomas@roundcube.net>2009-07-02 06:38:26 +0000
commite48a10a0d7ba44261ce118c024596f61266ff20a (patch)
tree61ba9a3aa125887411a4981090c1acf3b6e6a25c
parente40091bffd057c8d1dfb7565bfb93f01e9429713 (diff)
Add option to enforce https connections
-rw-r--r--CHANGELOG1
-rw-r--r--config/main.inc.php.dist4
-rw-r--r--index.php7
3 files changed, 11 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index b88aa3f8c..a613b6620 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
+- Added config option to enforce HTTPS connections
- Fix non-unicode characters caching in unicode database (#1484608)
- Performance improvements of messages caching
- Fix empty Date header issue (#1485923)
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 29f6e12fc..f5e4c7ccc 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -50,6 +50,10 @@ $rcmail_config['enable_caching'] = TRUE;
// possible units: s, m, h, d, w
$rcmail_config['message_cache_lifetime'] = '10d';
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected
+$rcmail_config['force_https'] = FALSE;
+
// automatically create a new RoundCube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
diff --git a/index.php b/index.php
index e8111b113..2767277f7 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
/*
+-------------------------------------------------------------------------+
| RoundCube Webmail IMAP Client |
- | Version 0.3-20090419 |
+ | Version 0.3-20090702 |
| |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| |
@@ -63,6 +63,11 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}
+// check if https is required (for login) and redirect if necessary
+if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443)) {
+ header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ exit;
+}
// trigger startup plugin hook
$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));