[Webkit-unassigned] [Bug 77538] New: 302 redirect for <script> src with cached location caches the redirect
bugzilla-daemon at webkit.org
Wed Feb 1 02:51:28 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=77538
Summary: 302 redirect for <script> src with cached location caches the redirect
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://plus.google.com/
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: esprehn at gmail.com
1. Inject a script src="/redirect/302"
2. /redirect/302 redirects and returns no cache headers (no-store, no-cache, expires, etc.)
3. browser requests the Location which is /destination
4. /destination responds with cache headers
Now repeat step 1 and WebKit will skip the request to /redirect/302 and load /destination from the cache, which means that if you had a button "Add random script" that requested /random/302, WebKit would actually always load the same script instead of a random one.
You can easily see this in Google+. Open the net inspector and click Send Feedback in the bottom left corner (then hit escape) repeatedly. The first time, it requests /activate.js, which then redirects to a Location that has cache headers. Every subsequent time you click Send Feedback, no requests for activate.js are made even though the response for it had explicit no cache headers.
Confirmed in Nightly (r105480), Chrome 18 dev, and shipping Safari 5.1.2 (6534.52.7). Firefox doesn't have this behavior.
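A minimal local reproduction of the four steps in the report, as an added example that is not code from the bug report or from WebKit. The paths are the ones the report names; the header values, script body and helper names are assumptions, including that the redirect sends explicit no-store/no-cache headers. The per-path hit counter shows whether a client skipped the request to /redirect/302.

```python
import threading
import urllib.request
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

hits = Counter()  # requests seen per path, so a skipped request is visible


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        hits[self.path] += 1
        if self.path == "/redirect/302":
            # Step 2 (assumed headers): the redirect must not be stored or reused.
            self.send_response(302)
            self.send_header("Location", "/destination")
            self.send_header("Cache-Control", "no-store, no-cache")
            self.send_header("Content-Length", "0")
            self.end_headers()
        elif self.path == "/destination":
            # Step 4 (assumed headers): only the final script is cacheable.
            body = b"window.loads = (window.loads || 0) + 1;"
            self.send_response(200)
            self.send_header("Content-Type", "application/javascript")
            self.send_header("Cache-Control", "public, max-age=3600")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the console quiet
        pass


def start_server(port=0):
    """Start the server in a background thread; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def fetch_script(base_url):
    """Non-caching client baseline: follows the 302 on every call."""
    with urllib.request.urlopen(base_url + "/redirect/302") as resp:
        return resp.geturl(), resp.read()
```

To check a browser build, call `start_server(8000)` in an interactive session, load a page that injects `<script src="/redirect/302">` several times, and compare `hits["/redirect/302"]` with the number of injections; a client that honours the redirect's headers produces one hit per injection.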