diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-03-14 09:30:13 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-03-14 09:32:21 +0100 |
commit | 5b82ed62dc21d8dc922dcafb5aa5e15ce4fcc142 (patch) | |
tree | 8b011e91aa07df03adcbf43520b5f96b36072e84 /program/js/app.js | |
parent | 58993ffcbbfb8b362ebf9d088125fb73d7f6cbed (diff) |
Better handling of session errors in ajax requests - do page reload
on 403 Forbidden response (#1488960)
Diffstat (limited to 'program/js/app.js')
-rw-r--r-- | program/js/app.js | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/program/js/app.js b/program/js/app.js index 41781b9e2..329bd772e 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -6350,6 +6350,14 @@ function rcube_webmail() if (location_url && this.env.action != 'compose') // don't redirect on compose screen, contents might get lost (#1488926) this.redirect(location_url); + // 403 Forbidden response (CSRF prevention) - reload the page. + // In case there's a new valid session it will be used, otherwise + // login form will be presented (#1488960). + if (request.status == 403) { + (this.is_framed() ? parent : window).location.reload(); + return; + } + // re-send keep-alive requests after 30 seconds if (action == 'keep-alive') setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000); |