githubFork/roundcubemail.git

githubFork / roundcubemail

Roundcubemail devel

summary
reflog
commits
tree
docs
forks
compare

Protect download urls against CSRF using unique request tokens (#1490642) S...

Thomas Bruederli

2016-01-16 4a408843b0ef816daf70a472a02b78cd6073a4d5

 program/lib/Roundcube/rcube_output.php

@@ -190,6 +190,11 @@

        // Request browser to disable DNS prefetching (CVE-2010-0464)
        header("X-DNS-Prefetch-Control: off");

        // send CSRF and clickjacking protection headers
        if ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')) {
            header('X-Frame-Options: ' . $xframe);
        }
    }

    /**

			@@ -190,6 +190,11 @@

			// Request browser to disable DNS prefetching (CVE-2010-0464)
			header("X-DNS-Prefetch-Control: off");

			// send CSRF and clickjacking protection headers
			if ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')) {
			header('X-Frame-Options: ' . $xframe);
			}
			}

			/**