[Svn] r3756 - in trunk/roundcubemail: . program/include

trac at roundcube.net trac at roundcube.net
Thu Jun 17 10:01:20 CEST 2010


Author: alec
Date: 2010-06-17 03:01:20 -0500 (Thu, 17 Jun 2010)
New Revision: 3756

Modified:
   trunk/roundcubemail/CHANGELOG
   trunk/roundcubemail/program/include/rcube_shared.inc
Log:
- Fix no-cache headers on https to prevent content caching by proxies (#1486798)


Modified: trunk/roundcubemail/CHANGELOG
===================================================================
--- trunk/roundcubemail/CHANGELOG	2010-06-16 06:29:47 UTC (rev 3755)
+++ trunk/roundcubemail/CHANGELOG	2010-06-17 08:01:20 UTC (rev 3756)
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Fix no-cache headers on https to prevent content caching by proxies (#1486798)
 - Fix attachment filenames broken with TNEF decoder using long filenames (#1486795)
 - Use user's timezone in Date header, not server's timezone (#1486119)
 - Add option to set separate footer for HTML messages (#1486660)

Modified: trunk/roundcubemail/program/include/rcube_shared.inc
===================================================================
--- trunk/roundcubemail/program/include/rcube_shared.inc	2010-06-16 06:29:47 UTC (rev 3755)
+++ trunk/roundcubemail/program/include/rcube_shared.inc	2010-06-17 08:01:20 UTC (rev 3756)
@@ -32,20 +32,21 @@
  */
 function send_nocacheing_headers()
 {
+  global $OUTPUT;
+
   if (headers_sent())
     return;
 
   header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
   header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
-  header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0");
+  header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0");
   header("Pragma: no-cache");
   // Request browser to disable DNS prefetching (CVE-2010-0464)
   header("X-DNS-Prefetch-Control: off");
-  
+
   // We need to set the following headers to make downloads work using IE in HTTPS mode.
-  if (rcube_https_check()) {
-    header('Pragma: ');
-    header('Cache-Control: ');
+  if ($OUTPUT->browser->ie && rcube_https_check()) {
+    header('Pragma: private');
   }
 }
 

_______________________________________________
http://lists.roundcube.net/mailman/listinfo/svn



More information about the Svn mailing list