Koha/opac
Galen Charlton 7b165794cd Bug 10016: force zero browser-side caching of SCO pages
This patch makes the web-based self-check module pages
specify that no browser (or proxy caching) occur at all.
This prevents a security issue where letting the SCO session time out,
then hitting the back button allowed one to view the previous
patron's session.

This patch adds an optional fifth parameter to output_with_http_headers(),
and output_html_with_http_headers(), a hashref for miscellaneous
options.  One key is defined at the moment: force_no_caching, which
if present and set to a true value, sets HTTP headers to specify no
browser caching of the page at all.

To test:

[1] Start a web-based self-check session and optionally perform
    some transactions.
[2] Allow the session to time out (it may be helpful to set
    SelfCheckTimeout to a low value such as 10 seconds).
[3] Hit the back button.  You should not see the previous patron's
    self-check session.
[4] Verify that prove -v t/Output.t passes.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ed Veal <ed.veal@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-21 18:05:12 +00:00
errors Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
rss
sco Bug 10016: force zero browser-side caching of SCO pages 2013-10-21 18:05:12 +00:00
svc Bug 10856: Improve the previous and next items on the shelf browser 2013-10-04 15:56:35 +00:00
ilsdi.pl Bug 10549: (follow-up) make sure ILS-DI GetAvailability response is emitted as UTF-8 2013-07-17 19:14:37 +00:00
maintenance.pl Bug 7853 - opac-maintanance.pl should correctly redirect back to opac-main.pl, if no updates are outstanding 2013-04-07 13:34:12 -04:00
oai.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-account.pl Bug 4330 : Fixing FSF address and copyright statements 2012-05-28 17:53:46 +02:00
opac-addbybiblionumber.pl Bug 5894: Display all titles when confirming copy of items from cart to list 2013-07-05 07:04:02 -07:00
opac-alert-subscribe.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-authorities-home.pl Bug 9132: Paging through OPAC authority search results does not work 2012-11-28 08:13:18 -05:00
opac-authoritiesdetail.pl Bug 8981 follow-up: case 2012-11-29 22:07:29 -05:00
opac-basket.pl Bug 10026 - OPAC cart not showing location anymore 2013-04-23 08:43:50 -04:00
opac-browser.pl
opac-changelanguage.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-course-details.pl bug 8215: (followup) don't allow deleting course reserves from OPAC 2013-05-21 15:51:02 -07:00
opac-course-reserves.pl bug 8215: (followup) make sure C4::CourseReserves doesn't export anything 2013-05-21 15:51:01 -07:00
opac-detail.pl Bug 10856: (Follow-up) improve behavior of the "close shelf browser" link 2013-10-04 15:57:35 +00:00
opac-downloadcart.pl Bug 10853: All existing routing to get a CSV should return a MARC csv 2013-10-11 02:16:33 +00:00
opac-downloadshelf.pl Bug 10853: All existing routing to get a CSV should return a MARC csv 2013-10-11 02:16:33 +00:00
opac-export.pl Bug 3652: close XSS vulnerabilities in opac-export 2012-10-24 15:40:18 +02:00
opac-ics.pl
opac-image.pl Bug 8255: allow local cover images to be cached 2012-06-25 18:12:29 +02:00
opac-imageviewer.pl Bug 4321: clean C4::Biblio::GetBiblio and uses 2012-09-18 12:11:54 +02:00
opac-ISBDdetail.pl Bug 10584 - Hide OPAC biblio details if all items are hidden 2013-09-18 15:31:04 +00:00
opac-main.pl Bug 9395: Problem with callnumber and standard number searches 2013-02-15 18:30:15 -05:00
opac-MARCdetail.pl Bug 10876: Fix opac-MARCdetail.pl displaying items that are meant to be hidden 2013-09-18 16:03:45 +00:00
opac-memberentry.pl Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber 2013-10-14 21:08:02 +00:00
opac-messaging.pl Talking Tech Support - Phase I 2012-06-10 17:46:52 +02:00
opac-modrequest-suspend.pl
opac-modrequest.pl Bug 9394: Use reserve_id where possible 2013-07-24 05:04:55 +00:00
opac-mymessages.pl Bug 4330 : Fixing FSF address and copyright statements 2012-05-28 17:53:46 +02:00
opac-overdrive-search.pl Bug 10320: (follow-up) correct license statement 2013-09-08 07:04:45 +00:00
opac-passwd.pl Bug 9611: (follow-up) move new password hashing routines to separate module 2013-10-09 03:29:22 +00:00
opac-patron-image.pl Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber 2013-10-14 21:08:02 +00:00
opac-privacy.pl Bug 6506: When AnonymousPatron not set, deletion of issue history silently failed. 2013-05-01 08:44:11 -04:00
opac-ratings-ajax.pl Bug 8315 - fix 'C4::Output 3.02' errors in Koha 2012-06-29 11:59:13 +02:00
opac-ratings.pl
opac-readingrecord.pl Bug 8017 reduce manipulation of GetAllIssues return 2012-09-13 18:51:45 +02:00
opac-registration-verify.pl Bug 7067 - QA Followup - Fix error when confirming via email 2012-12-14 08:09:02 -05:00
opac-renew.pl
opac-reserve.pl Bug 10272: make CheckReserves respect ReservesControlBranch 2013-09-08 01:20:01 +00:00
opac-review.pl
opac-search-history.pl Bug 10309 - New OPAC theme based on Bootstrap 2013-10-14 23:13:05 +00:00
opac-search.pl Bug 10320 - Integrate OverDrive search into OPAC 2013-09-08 07:00:40 +00:00
opac-sendbasket.pl Bug 8626: Fix encoding in cart emails for use of quoted-printable 2012-08-29 18:14:32 +02:00
opac-sendshelf.pl Bug 8368: (follow-up) restore use of quoted printable for message body 2013-10-18 07:27:30 +00:00
opac-serial-issues.pl Bug 6195 : Opac user should not have serial manage tab 2011-04-19 13:29:01 +12:00
opac-shelves.pl
opac-showmarc.pl Bug 9570 - view plain not working in ccsr 2013-03-07 09:33:57 -05:00
opac-showreviews.pl
opac-suggestions.pl Bug 9457 - Followup - Ordering branches should be case independent (2) 2013-03-20 15:36:19 -04:00
opac-tags.pl bug 9401: remove direct reads of CGISESSID cookie by JavaScript 2013-02-01 11:05:35 -05:00
opac-tags_subject.pl
opac-topissues.pl Bug 10588: improve selection of default branch for OPAC popular items pag 2013-09-04 17:14:22 +00:00
opac-user.pl Bug 10672 - Add subtitle to display of checkouts, overdues, and holds on the patron summary 2013-09-07 21:07:28 +00:00
search.pl Bug 8233 : SearchEngine: Add a Koha::SearchEngine module 2012-07-06 16:51:58 +02:00
tracklinks.pl Bug 8917 : Shifting db dependent code to a module 2013-03-07 11:14:25 -05:00
unapi Bug 10085: unapi does not function under Plack 2013-04-23 08:33:51 -04:00