diff options
author | Thomas Bruederli <thomas@roundcube.net> | 2016-01-16 19:48:22 +0300 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2016-03-06 16:31:07 +0300 |
commit | 4a408843b0ef816daf70a472a02b78cd6073a4d5 (patch) | |
tree | cacb8d3c24c016948b4f22b15e0f9d0402db81d5 /plugins/zipdownload/zipdownload.js | |
parent | d4df3748cfaacadf52b19eb37b2a476df80525a9 (diff) |
Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
Diffstat (limited to 'plugins/zipdownload/zipdownload.js')
-rw-r--r-- | plugins/zipdownload/zipdownload.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/zipdownload/zipdownload.js b/plugins/zipdownload/zipdownload.js index 228b04f8f..6f918d298 100644 --- a/plugins/zipdownload/zipdownload.js +++ b/plugins/zipdownload/zipdownload.js @@ -54,7 +54,7 @@ function rcmail_zipdownload(mode) // default .eml download of single message if (mode == 'eml') { var uid = rcmail.get_single_uid(); - rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1})); + rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}), false, true); return; } |