summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2010-06-17 08:01:20 +0000
committeralecpl <alec@alec.pl>2010-06-17 08:01:20 +0000
commit37e467d55cfb0323989127ba04c4e449ce2ed784 (patch)
tree904ce9b93a7560fbc8bc8ad3f72bd5024d3610b5
parent306f15db84b254fe23c2c1bc4a93536e7df24a26 (diff)
- Fix no-cache headers on https to prevent content caching by proxies (#1486798)
-rw-r--r--CHANGELOG1
-rw-r--r--program/include/rcube_shared.inc11
2 files changed, 7 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG
index f4b13d7e6..9ecbbe60d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
+- Fix no-cache headers on https to prevent content caching by proxies (#1486798)
- Fix attachment filenames broken with TNEF decoder using long filenames (#1486795)
- Use user's timezone in Date header, not server's timezone (#1486119)
- Add option to set separate footer for HTML messages (#1486660)
diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index 3ab76917d..a643f4438 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
@@ -32,20 +32,21 @@
*/
function send_nocacheing_headers()
{
+ global $OUTPUT;
+
if (headers_sent())
return;
header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
- header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0");
+ header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
// Request browser to disable DNS prefetching (CVE-2010-0464)
header("X-DNS-Prefetch-Control: off");
-
+
// We need to set the following headers to make downloads work using IE in HTTPS mode.
- if (rcube_https_check()) {
- header('Pragma: ');
- header('Cache-Control: ');
+ if ($OUTPUT->browser->ie && rcube_https_check()) {
+ header('Pragma: private');
}
}