From 699af1e5206ed9114322adaa3c25c1c969640a53 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli <thomas@roundcube.net> Date: Sun, 06 Mar 2016 08:35:48 -0500 Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response --- plugins/zipdownload/zipdownload.js | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugins/zipdownload/zipdownload.js b/plugins/zipdownload/zipdownload.js index f949508..182af63 100644 --- a/plugins/zipdownload/zipdownload.js +++ b/plugins/zipdownload/zipdownload.js @@ -54,7 +54,7 @@ // default .eml download of single message if (mode == 'eml') { var uid = rcmail.get_single_uid(); - rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1})); + rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}), false, true); return; } -- Gitblit v1.9.1