[Webkit-unassigned] [Bug 77538] New: 302 redirect for <script> src with cached location caches the redirect

bugzilla-daemon at webkit.org
Wed Feb 1 02:51:28 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=77538

           Summary: 302 redirect for <script> src with cached location
                    caches the redirect
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
               URL: http://plus.google.com/
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: esprehn at gmail.com


1. Inject a script src="/redirect/302"
2. /redirect/302 redirects and returns no cache headers (no-store, no-cache, expires, etc.)
3. Browser requests the Location which is /destination
4. /destination responds with cache headers

Now repeat step 1 and WebKit will skip the request to /redirect/302 and load /destination from the cache, which means that if you had a button "Add random script" that requested /random/302, WebKit would actually always load the same script instead of a random one.

You can easily see this in Google+. Open the net inspector and click Send Feedback in the bottom left corner (then hit escape) repeatedly. The first time it requests /activate.js which then redirects to a Location that has cache headers. Every subsequent time you click Send Feedback no requests for activate.js are made even though the response for it had explicit no cache headers.

Confirmed in Nightly (r105480), Chrome 18 dev, and shipping Safari 5.1.2 (6534.52.7). Firefox doesn't have this behavior.

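The four steps in the report can be modelled offline to compare the two outcomes it describes. This is an added example, not code from the report or from WebKit: `makeOrigin`, `makeLoader`, `isStorable`, `demo` and the `aliasRedirects` flag are hypothetical names, the `/destination/N` counter stands in for the "random" target, and the aliasing cache is only a model of the observed behaviour, not a statement about WebKit's internals.

```javascript
// Constructed origin following the report's steps: the 302 is marked
// no-store and points at a different /destination each time.
function makeOrigin() {
  let n = 0;
  return function fetchOrigin(path) {
    if (path === '/redirect/302') {
      n += 1;
      return { status: 302,
               headers: { 'location': `/destination/${n}`, 'cache-control': 'no-store' } };
    }
    return { status: 200, headers: { 'cache-control': 'max-age=3600' },
             body: `script ${path}` };
  };
}

// A response may be stored only if its own headers allow it.
function isStorable(res) {
  const cc = res.headers['cache-control'] || '';
  return /max-age=[1-9]/.test(cc) && !/no-(store|cache)/.test(cc);
}

// aliasRedirects=false: each response is cached under its own URL only.
// aliasRedirects=true: the final response is also stored under the URL that
// was originally requested, which reproduces the behaviour in the report.
function makeLoader(fetchOrigin, aliasRedirects) {
  const cache = new Map();
  const requested = []; // paths that actually reached the origin
  function load(url) {
    let current = url, res;
    for (let hop = 0; hop < 5; hop++) {
      res = cache.get(current);
      if (!res) {
        requested.push(current);
        res = fetchOrigin(current);
        if (isStorable(res)) cache.set(current, res);
      }
      if (res.status !== 302) break;
      current = res.headers.location;
    }
    if (aliasRedirects && isStorable(res)) cache.set(url, res);
    return res.body;
  }
  return { load, requested };
}

// Load the same script URL twice and report what was served and requested.
function demo(aliasRedirects) {
  const loader = makeLoader(makeOrigin(), aliasRedirects);
  const bodies = [loader.load('/redirect/302'), loader.load('/redirect/302')];
  return { bodies, requested: loader.requested };
}
console.log(demo(false), demo(true));
```

In the net inspector the same difference shows up as the request log: four entries when the redirect is re-requested, two when it is skipped.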