From ebc619c149f82e9151bbf672cf065447f4d12923 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Fri, 26 Feb 2010 03:06:48 -0500
Subject: [PATCH] - Fix CVE-2010-0464: Disable DNS prefetching (#1486449)

---
 program/include/rcube_shared.inc |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index 610023f..f4f23a2 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
@@ -39,6 +39,8 @@
   header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
   header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0");
   header("Pragma: no-cache");
+  // Request browser to disable DNS prefetching (CVE-2010-0464)
+  header("X-DNS-Prefetch-Control: off");
   
   // We need to set the following headers to make downloads work using IE in HTTPS mode.
   if (rcube_https_check()) {
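Review bot: The added `header("X-DNS-Prefetch-Control: off");` is emitted only where this group of no-cache headers is sent, so a response that renders message HTML without passing through this code would still let the browser pre-resolve link hostnames. The enclosing function starts and ends outside the hunk, so confirm that every view displaying mail content reaches it, or send the header from a common output path. The comment should also record the reason, for example `// Ask the browser not to pre-resolve hostnames of links in displayed mail; those lookups can reveal to the sender's DNS server that the message was opened (CVE-2010-0464)`. The header is advisory and honoured only by browsers that implement it, so treat it as one layer alongside the existing handling of remote content, not a complete fix.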

--
Gitblit v1.9.1