diff options
author | alecpl <alec@alec.pl> | 2010-06-17 08:01:20 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2010-06-17 08:01:20 +0000 |
commit | 37e467d55cfb0323989127ba04c4e449ce2ed784 (patch) | |
tree | 904ce9b93a7560fbc8bc8ad3f72bd5024d3610b5 | |
parent | 306f15db84b254fe23c2c1bc4a93536e7df24a26 (diff) |
- Fix no-cache headers on https to prevent content caching by proxies (#1486798)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/include/rcube_shared.inc | 11 |
2 files changed, 7 insertions, 5 deletions
@@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Fix no-cache headers on https to prevent content caching by proxies (#1486798) - Fix attachment filenames broken with TNEF decoder using long filenames (#1486795) - Use user's timezone in Date header, not server's timezone (#1486119) - Add option to set separate footer for HTML messages (#1486660) diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc index 3ab76917d..a643f4438 100644 --- a/program/include/rcube_shared.inc +++ b/program/include/rcube_shared.inc @@ -32,20 +32,21 @@ */ function send_nocacheing_headers() { + global $OUTPUT; + if (headers_sent()) return; header("Expires: ".gmdate("D, d M Y H:i:s")." GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); - header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); + header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0"); header("Pragma: no-cache"); // Request browser to disable DNS prefetching (CVE-2010-0464) header("X-DNS-Prefetch-Control: off"); - + // We need to set the following headers to make downloads work using IE in HTTPS mode. - if (rcube_https_check()) { - header('Pragma: '); - header('Cache-Control: '); + if ($OUTPUT->browser->ie && rcube_https_check()) { + header('Pragma: private'); } } |