From 496da6a42081aaa9dd13ab9c84faf33223eb520b Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 23 Nov 2009 14:25:43 -0500
Subject: [PATCH] - Fix possible messages exposure when using Roundcube behind a proxy (#1486281)

---
 CHANGELOG                        |    1 +
 program/include/rcube_shared.inc |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 2457c3d..734a9c7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Fix possible messages exposure when using Roundcube behind a proxy (#1486281)
 - Fix unicode para and line separators in javascript response (#1486310)
 - additional_message_headers: allow unsetting headers, support plugin's config file (#1486268)
 - Fix displaying of hidden directories in skins list (#1486301)
diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index 4119f12..2cf59af 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
@@ -93,7 +93,7 @@
   else
     header("Last-Modified: ".gmdate("D, d M Y H:i:s", $mdate)." GMT");
   
-  header("Cache-Control: max-age=0");
+  header("Cache-Control: private, must-revalidate, max-age=0");
   header("Expires: ");
   header("Pragma: ");
   

--
Gitblit v1.9.1