Bug 237137
| Summary: | Back navigation floods the server with duplicate GET requests | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Steffen Weber <steffen.weber> |
| Component: | History | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | cdumez, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 15 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Steffen Weber
How to reproduce:
1. Open Safari 15.3 on macOS or iOS
2. Go to https://www.computerbase.de/forum/threads/dan-c4-sfx.1923191/post-26644137
3. Confirm the consent dialog
4. Click on the orange link with title "https://www.computerbase.de/forum/attachments/2-png.1190983/"
5. Wait until the linked attachment/image loads
6. Click/tap Safari's back button
What should happen:
Safari should navigate back to the forum thread.
What actually happens:
Safari either just hangs or floods the server with duplicate HTTP GET requests (until our rate-limiting kicks in and respons with "HTTP 429 Too Many Requests"):
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:26 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:27 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:28 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:28 +0100] 200 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
::ffff:1.2.3.4 [24/Feb/2022:16:28:28 +0100] 429 "GET /forum/threads/dan-c4-sfx.1923191/page-37 HTTP/2.0" "-" "Mozilla/5.0 (iPad; CPU OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
I've made video demo: https://www.youtube.com/watch?v=FNwTbiydb5o
Originally reported here by our users: https://www.computerbase.de/forum/threads/safari-problem-auf-computerbase-http-error-429-too-many-requests.2073015/
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/89479503>
Steffen Weber
I've discovered a workaround: Just add the HTTP header "Cross-Origin-Opener-Policy: same-origin" to the attachment (was already there for normal page / HTML requests). I've just applied this change to our website (which means that the reproduction steps above don't work anymore but I hope that the hint regarding the "Cross-Origin-Opener-Policy" will help fix this issue).
Chris Dumez
*** This bug has been marked as a duplicate of bug 235475 ***
Steffen Weber
Which Safari version contains the fix? 15.4?
Chris Dumez
(In reply to Steffen Weber from comment #4)
> Which Safari version contains the fix? 15.4?
iOS 15.4 / macOS 12.3 should have the fix (not sure what that translates to in Safari versions).