diff options
| author | Aleksander Machniak <alec@alec.pl> | 2014-06-09 14:16:35 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2014-06-09 14:16:35 +0200 |
| commit | ba5c53e5c3894bcbbc33dfd3271583e44c35de25 (patch) | |
| tree | adb5d36645ad1aa1c8a74b41e5bde31ad6aabef4 | |
| parent | 20ac879b4b346cc6ebb73ad65dcd762fb68a9a5d (diff) | |
Send X-UA-Compatible as HTTP header instead of meta tag
| -rw-r--r-- | index.php | 1 | ||||
| -rw-r--r-- | program/lib/Roundcube/rcube_output.php | 36 | ||||
| -rw-r--r-- | skins/classic/includes/links.html | 1 | ||||
| -rw-r--r-- | skins/larry/includes/links.html | 1 |
4 files changed, 20 insertions, 19 deletions
@@ -44,6 +44,7 @@ $RCMAIL = rcmail::get_instance($GLOBALS['env']); // Make the whole PHP output non-cacheable (#1487797) $RCMAIL->output->nocacheing_headers(); +$RCMAIL->output->common_headers(); // turn on output buffering ob_start(); diff --git a/program/lib/Roundcube/rcube_output.php b/program/lib/Roundcube/rcube_output.php index 1907645b0..55a38b240 100644 --- a/program/lib/Roundcube/rcube_output.php +++ b/program/lib/Roundcube/rcube_output.php @@ -44,7 +44,6 @@ abstract class rcube_output $this->browser = new rcube_browser(); } - /** * Magic getter */ @@ -60,7 +59,6 @@ abstract class rcube_output return null; } - /** * Setter for output charset. * To be specified in a meta tag and sent as http-header @@ -72,7 +70,6 @@ abstract class rcube_output $this->charset = $charset; } - /** * Getter for output charset * @@ -83,7 +80,6 @@ abstract class rcube_output return $this->charset; } - /** * Set environment variable * @@ -95,7 +91,6 @@ abstract class rcube_output $this->env[$name] = $value; } - /** * Environment variable getter. * @@ -108,7 +103,6 @@ abstract class rcube_output return $this->env[$name]; } - /** * Delete all stored env variables and commands */ @@ -117,7 +111,6 @@ abstract class rcube_output $this->env = array(); } - /** * Invoke display_message command * @@ -129,7 +122,6 @@ abstract class rcube_output */ abstract function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0); - /** * Redirect to a certain url. * @@ -138,13 +130,11 @@ abstract class rcube_output */ abstract function redirect($p = array(), $delay = 1); - /** * Send output to the client. */ abstract function send(); - /** * Send HTTP headers to prevent caching a page */ @@ -157,9 +147,6 @@ abstract class rcube_output header("Expires: ".gmdate("D, d M Y H:i:s")." GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); - // Request browser to disable DNS prefetching (CVE-2010-0464) - header("X-DNS-Prefetch-Control: off"); - // We need to set the following headers to make downloads work using IE in HTTPS mode. if ($this->browser->ie && rcube_utils::https_check()) { header('Pragma: private'); @@ -178,14 +165,32 @@ abstract class rcube_output */ public function future_expire_header($offset = 2600000) { - if (headers_sent()) + if (headers_sent()) { return; + } header("Expires: " . gmdate("D, d M Y H:i:s", time()+$offset) . " GMT"); header("Cache-Control: max-age=$offset"); header("Pragma: "); } + /** + * Send browser compatibility/security/etc. headers + */ + public function common_headers() + { + if (headers_sent()) { + return; + } + + // Unlock IE compatibility mode + if ($this->browser->ie) { + header('X-UA-Compatible: IE=edge'); + } + + // Request browser to disable DNS prefetching (CVE-2010-0464) + header("X-DNS-Prefetch-Control: off"); + } /** * Show error page and terminate script execution @@ -200,7 +205,6 @@ abstract class rcube_output exit(-1); } - /** * Create an edit field for inclusion on a form * @@ -253,7 +257,6 @@ abstract class rcube_output return $out; } - /** * Convert a variable into a javascript object notation * @@ -269,5 +272,4 @@ abstract class rcube_output // that's why we have @ here return @json_encode($input); } - } diff --git a/skins/classic/includes/links.html b/skins/classic/includes/links.html index 2f6ef0119..8ff57c229 100644 --- a/skins/classic/includes/links.html +++ b/skins/classic/includes/links.html @@ -1,4 +1,3 @@ -<meta http-equiv="X-UA-Compatible" content="IE=EDGE" /> <link rel="index" href="$__comm_path" /> <link rel="shortcut icon" href="/images/favicon.ico"/> <link rel="stylesheet" type="text/css" href="/common.css" /> diff --git a/skins/larry/includes/links.html b/skins/larry/includes/links.html index ce9863a6c..a49e58826 100644 --- a/skins/larry/includes/links.html +++ b/skins/larry/includes/links.html @@ -1,4 +1,3 @@ -<meta http-equiv="X-UA-Compatible" content="IE=EDGE" /> <meta name="viewport" content="" id="viewport" /> <link rel="shortcut icon" href="/images/favicon.ico"/> <link rel="stylesheet" type="text/css" href="/styles.css" /> |