Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URLs contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Thijs Kinkhorst, 15 years ago
parent commit a9d46c71ad
2 files changed with 5 additions and 0 deletions
  1. doc/ChangeLog (+2 -0)
  2. functions/page_header.php (+3 -0)

+ 2 - 0
doc/ChangeLog

@@ -333,6 +333,8 @@ Version 1.5.2 - SVN
   - Encoded From headers now properly quoted (#2830141).
   - Multibyte strings (notably subjects) are now handled correctly (#2824813,
     #2925731).
+  - Send X-DNS-Prefetch-Control: off header to browsers to prevent information
+    leakage when Firefox does DNS prefetching for URL's contained in emails.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
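Review bot: the added ChangeLog entry writes "URL's" where the plural "URLs" is meant; the surrounding entries in this block also cite a reference in parentheses, so consider appending the advisory link from the commit message (https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail) to the entry so ChangeLog readers can find the background for the new header.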

+ 3 - 0
functions/page_header.php

@@ -40,6 +40,9 @@ function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE
 //FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
     $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
     $oTemplate->header('Cache-Control: private, no-cache, no-store'); // http 1.1 (rfc2616)
+    /* prevent information leakage about read emails by forbidding Firefox
+     * to do preemptive DNS requests for any links in the message body. */
+    $oTemplate->header('X-DNS-Prefetch-Control: off');
 
     // don't show version as a security measure
     //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
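Review bot: the new header is only emitted for pages that go through displayHtmlHeader(), and the FIXME directly above this hunk records that other places in SM core still call header() directly, so any message-rendering path that bypasses $oTemplate->header() will not carry X-DNS-Prefetch-Control: off; please confirm every page that renders a message body passes through this function, or add the header next to those direct calls as well. Two smaller points on the added comment and line: the header is a generic browser hint rather than a Firefox-only mechanism, so the comment should not single out Firefox (otherwise someone may drop it once another browser is the concern), and emitting the equivalent `<meta http-equiv="x-dns-prefetch-control" content="off">` in the template's `<head>` would keep the protection in place where an intermediary strips response headers.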