From 37e467d55cfb0323989127ba04c4e449ce2ed784 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Thu, 17 Jun 2010 04:01:20 -0400
Subject: [PATCH] - Fix no-cache headers on https to prevent content caching by proxies (#1486798)

---
 program/include/rcube_shared.inc |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index 3ab7691..a643f44 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
@@ -32,20 +32,21 @@
  */
 function send_nocacheing_headers()
 {
+  global $OUTPUT;
+
   if (headers_sent())
     return;
 
   header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
   header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
-  header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0");
+  header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0");
   header("Pragma: no-cache");
   // Request browser to disable DNS prefetching (CVE-2010-0464)
   header("X-DNS-Prefetch-Control: off");
-  
+
   // We need to set the following headers to make downloads work using IE in HTTPS mode.
-  if (rcube_https_check()) {
-    header('Pragma: ');
-    header('Cache-Control: ');
+  if ($OUTPUT->browser->ie && rcube_https_check()) {
+    header('Pragma: private');
   }
 }
 

--
Gitblit v1.9.1