diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-02-26 08:06:48 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-02-26 08:06:48 +0000 |
| commit | 1bd5ba05f08cf8dd42e2b61e06eefd991a48e060 (patch) | |
| tree | 7657656bcd2500802af7a2ed289a884b33c029bb /roundcubemail/program/include/rcube_shared.inc | |
| parent | b10451f177caa6a3c9267b39f5e7e1d933ec4c06 (diff) | |
- Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
git-svn-id: https://svn.roundcube.net/trunk@3293 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/include/rcube_shared.inc')
| -rw-r--r-- | roundcubemail/program/include/rcube_shared.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/roundcubemail/program/include/rcube_shared.inc b/roundcubemail/program/include/rcube_shared.inc index 610023f69..f4f23a26b 100644 --- a/roundcubemail/program/include/rcube_shared.inc +++ b/roundcubemail/program/include/rcube_shared.inc @@ -39,6 +39,8 @@ function send_nocacheing_headers() header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); header("Pragma: no-cache"); + // Request browser to disable DNS prefetching (CVE-2010-0464) + header("X-DNS-Prefetch-Control: off"); // We need to set the following headers to make downloads work using IE in HTTPS mode. if (rcube_https_check()) { |