281175 2024-10-09 16:41:07 -0700 Using Cross-Origin-Opener-Policy HTTP header may corrupt the back/forward list 2024-11-11 11:51:09 -0800 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=274310 InRadar P2 Normal --- 1 cdumez cdumez jarek kkinnunen pmusaraj webkit-bug-importer oldest_to_newest 2066696 0 cdumez 2024-10-09 16:41:07 -0700 Using Cross-Origin-Opener-Policy HTTP header may corrupt the back/forward list: ``` Got a better repro (thanks to a colleague, David Taylor). https://d5.musaraj.com and https://d6.musaraj.com are identical, but d5 has the COOP header, d6 doesn't. The HTML for both is: ``` <ol> <li><button onclick="window.history.pushState({}, null, '/foo')">Click me</button></li> <li>Use browser to go 'back' one step</li> <li><a href="https://d4.musaraj.com">Then click me</a></li> </ol> ``` https://d4.musaraj.com has this HTML: ``` <script>document.write(`window.location is ${window.location}`)</script> ``` Can see that window history gets corrupted with steps followed in d5 but not with d6. ``` 2066697 1 webkit-bug-importer 2024-10-09 16:41:29 -0700 <rdar://problem/137635838> 2066699 2 cdumez 2024-10-09 16:42:44 -0700 This is a follow-up to Bug 274310 as it still appears to be broken. 2069971 3 cdumez 2024-10-22 20:11:45 -0700 I have a fix (actually 2 ways one more complete but a bit more risky and another very limited but safe). I'm working on a test now. 2070242 4 cdumez 2024-10-23 17:04:52 -0700 Pull request: https://github.com/WebKit/WebKit/pull/35657 2070744 5 ews-feeder 2024-10-26 13:46:02 -0700 Committed 285729@main (2b008f6776a2): <https://commits.webkit.org/285729@main> Reviewed commits have been landed. Closing PR #35657 and removing active labels. 2073569 6 ews-feeder 2024-11-07 12:03:45 -0800 Committed 283286.449@safari-7620-branch (1b35def6ef77): <https://commits.webkit.org/283286.449@safari-7620-branch> Reviewed commits have been landed. Closing PR #2240 and removing active labels. 2074329 7 pmusaraj 2024-11-11 11:51:09 -0800 I can still repro this issue on latest Safari TP, release 207. I cannot reproduce it on an early archive build, 285848@main from October 29.