[Webkit-unassigned] [Bug 237566] New: Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history navigations
bugzilla-daemon at webkit.org
Mon Mar 7 16:23:47 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=237566
Bug ID: 237566
Summary: Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history navigations
Product: WebKit
Version: Safari 15
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Major
Priority: P2
Component: History
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ddworken at google.com
# Summary
If a page sets `Cross-Origin-Opener-Policy: same-origin`, Safari hangs while loading the page if the user hits the back button and then the forward button. See this demo: https://coop.xss.guru/coop_bf
# Details
WebKit's back-forward cache appears to be broken for pages that set COOP: same-origin. Reproduction steps:
1. User is on a page without a COOP header
2. User clicks a link to a page that sets COOP same-origin
3. User clicks the back button followed by the forward button
4. In Safari's UI, the page appears to hang while loading. Safari devtools show no pending request or errors in the console. Using an intercepting proxy, one can see that Safari is making an infinite loop of requests to the page that sets COOP same-origin.
5. If the page is modified to set COOP unsafe-none, or if COOP support is disabled in Safari, the back-forward navigation completes successfully.
Demo site: https://coop.xss.guru/coop_bf
Demo video: https://drive.google.com/file/d/1-fqOwhx549GSzrlyFx9fbXK9uepC7J8j/view
--
You are receiving this mail because:
You are the assignee for the bug.
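
A local harness for the reproduction steps in the report, added here as an example; it is not the code behind the reporter's demo site. The `/coop` path, the `policy` query parameter and `LOOP_THRESHOLD` are assumptions chosen for illustration; the server counts requests per URL so the repeated-request loop from step 4 is visible without an intercepting proxy.

```python
"""Constructed local harness: a page without COOP linking to a page that sets it."""
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlparse

HITS = Counter()        # requests seen per URL
LOOP_THRESHOLD = 5      # assumption: one back/forward pass needs far fewer requests
ALLOWED = ("same-origin", "same-origin-allow-popups", "unsafe-none")
INDEX = ('<p>No COOP header on this page.</p>'
         '<a href="/coop?policy=same-origin">COOP same-origin</a> | '
         '<a href="/coop?policy=unsafe-none">COOP unsafe-none (control)</a>')

def build_response(path):
    """Return (status, extra_headers, body) for a request path."""
    url = urlparse(path)
    if url.path == "/":
        return 200, {}, INDEX                      # step 1: page without COOP
    if url.path == "/coop":                        # step 2: page that sets COOP
        policy = parse_qs(url.query).get("policy", ["same-origin"])[0]
        if policy not in ALLOWED:                  # allowlist: never echo raw input into a header
            return 400, {}, "unknown policy"
        return 200, {"Cross-Origin-Opener-Policy": policy}, f"<p>COOP: {policy}</p>"
    return 404, {}, "not found"

def looping_paths(hits=HITS, threshold=LOOP_THRESHOLD):
    """URLs requested more often than the threshold (candidate reload loops)."""
    return sorted(p for p, n in hits.items() if n > threshold)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        HITS[self.path] += 1
        if self.path in looping_paths():
            self.log_error("possible reload loop: %s requested %d times",
                           self.path, HITS[self.path])
        status, headers, body = build_response(self.path)
        data = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    # Loopback is treated as a secure context, so browsers honour COOP over plain HTTP here.
    ThreadingHTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Open `http://127.0.0.1:8000/`, follow a link, then press back and forward; the `unsafe-none` link serves as the control case from step 5.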