diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-07-02 06:38:26 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-07-02 06:38:26 +0000 |
| commit | a15ebb7164dcf3659bfb4426c8f074bf4d05734e (patch) | |
| tree | 21263bb6d4ced438342a9994c7f800a8dd7a5556 /roundcubemail | |
| parent | 3ce9dcd8fff2ca022aae5ad50cca149f497fe64a (diff) | |
Add option to enforce https connections
git-svn-id: https://svn.roundcube.net/trunk@2696 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail')
| -rw-r--r-- | roundcubemail/CHANGELOG | 1 | ||||
| -rw-r--r-- | roundcubemail/config/main.inc.php.dist | 4 | ||||
| -rw-r--r-- | roundcubemail/index.php | 7 |
3 files changed, 11 insertions, 1 deletions
diff --git a/roundcubemail/CHANGELOG b/roundcubemail/CHANGELOG index b88aa3f8c..a613b6620 100644 --- a/roundcubemail/CHANGELOG +++ b/roundcubemail/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Added config option to enforce HTTPS connections - Fix non-unicode characters caching in unicode database (#1484608) - Performance improvements of messages caching - Fix empty Date header issue (#1485923) diff --git a/roundcubemail/config/main.inc.php.dist b/roundcubemail/config/main.inc.php.dist index 29f6e12fc..f5e4c7ccc 100644 --- a/roundcubemail/config/main.inc.php.dist +++ b/roundcubemail/config/main.inc.php.dist @@ -50,6 +50,10 @@ $rcmail_config['enable_caching'] = TRUE; // possible units: s, m, h, d, w $rcmail_config['message_cache_lifetime'] = '10d'; +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected +$rcmail_config['force_https'] = FALSE; + // automatically create a new RoundCube user when log-in the first time. // a new user will be created once the IMAP login succeeds. // set to false if only registered users can use this service diff --git a/roundcubemail/index.php b/roundcubemail/index.php index e8111b113..2767277f7 100644 --- a/roundcubemail/index.php +++ b/roundcubemail/index.php @@ -2,7 +2,7 @@ /* +-------------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.3-20090419 | + | Version 0.3-20090702 | | | | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland | | | @@ -63,6 +63,11 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) { raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); } +// check if https is required (for login) and redirect if necessary +if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443)) { + header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + exit; +} // trigger startup plugin hook $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); |