Better handling of session errors in ajax requests - do page reload

on 403 Forbidden response (#1488960)
11 years ago · daddbf2555
parent bfa667ab02
commit daddbf2555
2 changed files with 9 additions and 0 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Better handling of session errors in ajax requests (#1488960)
 - Fix HTML part detection for some specific message structures (#1488992)
 - Don't show fake address - phishing prevention (#1488981)
 - Fix forward as attachment bug with editormode != 1 (#1488991)
--- a/program/js/app.js
+++ b/program/js/app.js
@ -6249,6 +6249,14 @@ function rcube_webmail()
    if (location_url && this.env.action != 'compose')  // don't redirect on compose screen, contents might get lost (#1488926)
      this.redirect(location_url);

+    // 403 Forbidden response (CSRF prevention) - reload the page.
+    // In case there's a new valid session it will be used, otherwise
+    // login form will be presented (#1488960).
+    if (request.status == 403) {
+      (this.is_framed() ? parent : window).location.reload();
+      return;
+    }
+
    // re-send keep-alive requests after 30 seconds
    if (action == 'keep-alive')
      setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000);