[Webkit-unassigned] [Bug 186090] REGRESSION (r231479): Unable to buy Odeon cinema tickets in STP (bogus 'X-Frame-Options' to 'SAMEORIGIN')
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 25 16:57:05 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=186090
--- Comment #2 from Daniel Bates <dbates at webkit.org> ---
When you click the button Pay and complete order the site POSTs a form to <https://hps.datacash.com/hps/?> from a child iframe whose URL is of the form: <https://hps.datacash.com/hps/?HPS_SessionID=7f72d137-0dae-4ec4-b6a6-81509c1915d>. And the URL <https://hps.datacash.com/hps/?> ultimately redirects to a URL of the form: <https://www.odeon.co.uk/bookingserver_ng_live6//booking/paymentHCCReturn.dhtml?bookingProcessId=0eac9e9e5a02305931ab47b2bb78a5685cea0373&accessible=1&useGETjsessionid=1&dts_reference=3000108365129513>. The destination page on www.odeon.co.uk includes "X-Frame-Options: SAMEORIGIN" in its HTTP response.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180625/f56458e8/attachment.html>
More information about the webkit-unassigned
mailing list