237566 2022-03-07 16:23:47 -0800 Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history navigations 2022-06-23 15:50:43 -0700 1 1 1 Unclassified WebKit History Safari 15 Unspecified Unspecified RESOLVED DUPLICATE 235475 https://bugs.webkit.org/show_bug.cgi?id=237137 InRadar P2 Major --- 1 ddworken webkit-unassigned bfulgham cdumez ddworken pgriffis webkit-bug-importer oldest_to_newest 1849020 0 ddworken 2022-03-07 16:23:47 -0800 # Summary If a page sets `Cross-Origin-Opener-Policy: same-origin`, Safari hangs while loading the page if the user hits the back button and then the forward button. See this demo: https://coop.xss.guru/coop_bf # Details Webkit's back-forward cache appears to be broken for pages that set COOP: same-origin. Reproduction steps: 1. User is on a page without a COOP header 2. User clicks a link to a page that sets COOP same-origin 3. User clicks the back button followed by the forward button 4. In Safari's UI, the page appears to hang while loading. Safari devtools show no pending request or errors in the console. Using an intercepting proxy one can see that Safari is making an infinite loop of requests to the page that sets COOP same-origin 5. If the page is modified to set COOP unsafe-none or if COOP support is disabled in Safari, the back-forward navigation completes successfully Demo site: https://coop.xss.guru/coop_bf Demo video: https://drive.google.com/file/d/1-fqOwhx549GSzrlyFx9fbXK9uepC7J8j/view 1849023 1 ddworken 2022-03-07 16:30:13 -0800 I just spotted https://bugs.webkit.org/show_bug.cgi?id=237137 which appears to be about the same behavior. 1850160 2 webkit-bug-importer 2022-03-10 10:19:07 -0800 <rdar://problem/90106601> 1877950 3 bfulgham 2022-06-23 15:50:43 -0700 *** This bug has been marked as a duplicate of bug 235475 ***