[Webkit-unassigned] [Bug 272741] New: Mobile WebKit does not trigger downloads for lone \n in headers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 16 04:21:23 PDT 2024


            Bug ID: 272741
           Summary: Mobile WebKit does not trigger downloads for lone \n
                    in headers
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: iOS 17
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jannis.rautenstrauch at cispa.de
                CC: beidson at apple.com

Responses with a single erroneous \n|LF in their header lines trigger a download in WebKit Desktop (and in Firefox, Chromium).
In WebKit Mobile the response is instead displayed as a plain text file. Depending on where the LF occurs, headers before it even have effect (e.g., COOP).

I would expect the same behavior on mobile and desktop.

Response 1, COOP is active on WebKit mobile: http://sub.headers.websec.saarland/_hp/tests/window-references-coop.sub.html?resp_type=parsing&browser_id=1&label=COOP&first_id=23990&last_id=23990&scheme=http&t_resp_id=23990&t_element_relation=direct_direct&t_resp_origin=https://headers.webappsec.eu
HTTP/1.1 200
cross-origin-opener-policy: same-origin-allow-popups\n
more headers


Response 2, COOP is not active on WebKit mobile: http://sub.headers.websec.saarland/_hp/tests/window-references-coop.sub.html?resp_type=parsing&browser_id=1&label=COOP&first_id=22059&last_id=22059&scheme=http&t_resp_id=22059&t_element_relation=direct_direct&t_resp_origin=https://headers.webappsec.eu
HTTP/1.1 200
\ncross-origin-opener-policy: same-origin
more headers


Another question is whether the download dialog window should be "accessible", i.e., "window.open.opener" returns "window" (WebKit desktop, Chrome and Firefox on android), or whether it should be "null" (Chrome and Firefox on desktop).

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240416/e85de18b/attachment.htm>

More information about the webkit-unassigned mailing list