[webkit-gtk] webkit2gtk 2.7.4 sending cookie from cache after a 304 with missing Content-Type ?

Jérémy Lal kapouer at melix.org
Tue Mar 24 14:48:37 PDT 2015


2015-03-24 21:21 GMT+01:00 Jérémy Lal <kapouer at melix.org>:
> I'm seeing something very weird in a complicated setup here, and am trying to
> understand what's happening:
>
> 1 - open page urlA, Set-Cookie CA
> 2 - do xhr requests to urlB (ETag set in response)
> 3 - load same page urlA, Set-Cookie CB
> 4 - do xhr request to urlB 304 (If-None-Match hit), a response is sent
> from expressjs server, without a content-type header set (the server
> gets Cookie CB)

I think i found how to reproduce with this precision in step 4:

4 - do xhr request to urlB 304 (If-None-Match hit)
** with the same Last-Modified header as in step 2 **

It makes webkit2gtk 2.7.4 go back in time and it start sending cookies
from the past !


> 5 - a second xhr request to never requested urlC is done: the server
> gets Cookie CA !

> am going to test against webkit2gtk 2.8.0

building...

Jérémy.



More information about the webkit-gtk mailing list