[Webkit-unassigned] [Bug 274310] REGRESSION (Safari 17.x): Strange mix of content from two websites loaded simultaneously

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=274310

--- Comment #9 from Penar Musaraj <pmusaraj at gmail.com> ---
Thanks so much, Ahmad. Here are the repro examples and steps:

https://d2.musaraj.com
- has Cross-Origin-Opener-Policy: same-origin-allow-popups
- is running an example Ember app, source at https://github.com/ember-learn/super-rentals

https://d3.musaraj.com
- does not have a Cross-Origin-Opener-Policy header at all
- is runnign the same app as d2

Repro steps: 
- click on Grand Old Mansion
- go back in history
- go forward (or click on Grand Old Mansion again)
- click on d1.musaraj.com (just below the About Grand Old Mansion title)

Results: on d2, stuff breaks, the page's history is corrupt and the d1.musaraj.com app doesn't load (if you look at console, its relative assets are being requested from d2.musaraj.com's root instead of d1). On d3, there are no issues with the same steps. The only difference between the two is the header. 

Note also that I tried reproducing this with a barebones HTML page without a JS framework, but couldn't. So the underlying Ember library that is used in building this sample app seems to play a role as well here. 

Thanks again for your attention, appreciated!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240805/ccccea26/attachment.htm>