diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/include/rcube_shared.inc | 11 |
2 files changed, 7 insertions, 5 deletions
@@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Fix no-cache headers on https to prevent content caching by proxies (#1486798) - Fix attachment filenames broken with TNEF decoder using long filenames (#1486795) - Use user's timezone in Date header, not server's timezone (#1486119) - Add option to set separate footer for HTML messages (#1486660) diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc index 3ab76917d..a643f4438 100644 --- a/program/include/rcube_shared.inc +++ b/program/include/rcube_shared.inc @@ -32,20 +32,21 @@ */ function send_nocacheing_headers() { + global $OUTPUT; + if (headers_sent()) return; header("Expires: ".gmdate("D, d M Y H:i:s")." GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); - header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); + header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0"); header("Pragma: no-cache"); // Request browser to disable DNS prefetching (CVE-2010-0464) header("X-DNS-Prefetch-Control: off"); - + // We need to set the following headers to make downloads work using IE in HTTPS mode. - if (rcube_https_check()) { - header('Pragma: '); - header('Cache-Control: '); + if ($OUTPUT->browser->ie && rcube_https_check()) { + header('Pragma: private'); } } |