[Webkit-unassigned] [Bug 237566] New: Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history navigations

Mon Mar 7 16:23:47 PST 2022

https://bugs.webkit.org/show_bug.cgi?id=237566

            Bug ID: 237566
           Summary: Setting `Cross-Origin-Opener-Policy: same-origin`
                    breaks back-forward history navigations
           Product: WebKit
           Version: Safari 15
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: History
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddworken at google.com

# Summary 

If a page sets `Cross-Origin-Opener-Policy: same-origin`, Safari hangs while loading the page if the user hits the back button and then the forward button. See this demo: https://coop.xss.guru/coop_bf

# Details 

Webkit's back-forward cache appears to be broken for pages that set COOP: same-origin. Reproduction steps:

1. User is on a page without a COOP header 
2. User clicks a link to a page that sets COOP same-origin
3. User clicks the back button followed by the forward button 
4. In Safari's UI, the page appears to hang while loading. Safari devtools show no pending request or errors in the console. Using an intercepting proxy one can see that Safari is making an infinite loop of requests to the page that sets COOP same-origin 
5. If the page is modified to set COOP unsafe-none or if COOP support is disabled in Safari, the back-forward navigation completes successfully 

Demo site: https://coop.xss.guru/coop_bf
Demo video: https://drive.google.com/file/d/1-fqOwhx549GSzrlyFx9fbXK9uepC7J8j/view

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220308/ce7d9eac/attachment.htm>