Protect download urls against CSRF using unique request tokens (#1490642)

Send X-Frame-Options headers with every HTTP response
author: Thomas Bruederli <thomas@roundcube.net> 2016-01-16 19:48:22 +0300
committer: Aleksander Machniak <alec@alec.pl> 2016-03-06 16:31:07 +0300
commit: 4a408843b0ef816daf70a472a02b78cd6073a4d5 (patch)
tree: cacb8d3c24c016948b4f22b15e0f9d0402db81d5 /plugins/zipdownload/zipdownload.js
parent: d4df3748cfaacadf52b19eb37b2a476df80525a9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/zipdownload/zipdownload.js b/plugins/zipdownload/zipdownload.js
index 228b04f8f..6f918d298 100644
--- a/plugins/zipdownload/zipdownload.js
+++ b/plugins/zipdownload/zipdownload.js
@@ -54,7 +54,7 @@ function rcmail_zipdownload(mode)
     // default .eml download of single message
     if (mode == 'eml') {
         var uid = rcmail.get_single_uid();
-        rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}));
+        rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}), false, true);
         return;
     }
author	Thomas Bruederli <thomas@roundcube.net>	2016-01-16 19:48:22 +0300
committer	Aleksander Machniak <alec@alec.pl>	2016-03-06 16:31:07 +0300
commit	4a408843b0ef816daf70a472a02b78cd6073a4d5 (patch)
tree	cacb8d3c24c016948b4f22b15e0f9d0402db81d5 /plugins/zipdownload/zipdownload.js
parent	d4df3748cfaacadf52b19eb37b2a476df80525a9 (diff)