summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-03-14 09:30:13 +0100
committerAleksander Machniak <alec@alec.pl>2013-03-14 09:30:13 +0100
commitdaddbf2555f48047ae600e5db454d02b287e2c64 (patch)
tree470c90a13d6f7b31ebc51f80470ad6925fdba96e
parentbfa667ab022c3efa1b7da8bd2ffe27dcf8959c79 (diff)
Better handling of session errors in ajax requests - do page reload
on 403 Forbidden response (#1488960)
-rw-r--r--CHANGELOG1
-rw-r--r--program/js/app.js8
2 files changed, 9 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 6fef2d026..6d0a959a6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Better handling of session errors in ajax requests (#1488960)
- Fix HTML part detection for some specific message structures (#1488992)
- Don't show fake address - phishing prevention (#1488981)
- Fix forward as attachment bug with editormode != 1 (#1488991)
diff --git a/program/js/app.js b/program/js/app.js
index 9f76757a6..637d6f5d8 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -6249,6 +6249,14 @@ function rcube_webmail()
if (location_url && this.env.action != 'compose') // don't redirect on compose screen, contents might get lost (#1488926)
this.redirect(location_url);
+ // 403 Forbidden response (CSRF prevention) - reload the page.
+ // In case there's a new valid session it will be used, otherwise
+ // login form will be presented (#1488960).
+ if (request.status == 403) {
+ (this.is_framed() ? parent : window).location.reload();
+ return;
+ }
+
// re-send keep-alive requests after 30 seconds
if (action == 'keep-alive')
setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000);