- Fix no-cache headers on https to prevent content caching by proxies (#1486798)

release-0.6
alecpl 15 years ago
parent 306f15db84
commit 37e467d55c

@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail CHANGELOG RoundCube Webmail
=========================== ===========================
- Fix no-cache headers on https to prevent content caching by proxies (#1486798)
- Fix attachment filenames broken with TNEF decoder using long filenames (#1486795) - Fix attachment filenames broken with TNEF decoder using long filenames (#1486795)
- Use user's timezone in Date header, not server's timezone (#1486119) - Use user's timezone in Date header, not server's timezone (#1486119)
- Add option to set separate footer for HTML messages (#1486660) - Add option to set separate footer for HTML messages (#1486660)

@ -32,20 +32,21 @@
*/ */
function send_nocacheing_headers() function send_nocacheing_headers()
{ {
global $OUTPUT;
if (headers_sent()) if (headers_sent())
return; return;
header("Expires: ".gmdate("D, d M Y H:i:s")." GMT"); header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache"); header("Pragma: no-cache");
// Request browser to disable DNS prefetching (CVE-2010-0464) // Request browser to disable DNS prefetching (CVE-2010-0464)
header("X-DNS-Prefetch-Control: off"); header("X-DNS-Prefetch-Control: off");
// We need to set the following headers to make downloads work using IE in HTTPS mode. // We need to set the following headers to make downloads work using IE in HTTPS mode.
if (rcube_https_check()) { if ($OUTPUT->browser->ie && rcube_https_check()) {
header('Pragma: '); header('Pragma: private');
header('Cache-Control: ');
} }
} }

Loading…
Cancel
Save