Bug 237566
| Summary: | Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history navigations | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Dworken <ddworken> |
| Component: | History | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Major | CC: | bfulgham, cdumez, ddworken, pgriffis, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 15 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=237137 | ||
David Dworken
# Summary
If a page sets `Cross-Origin-Opener-Policy: same-origin`, Safari hangs while loading the page if the user hits the back button and then the forward button. See this demo: https://coop.xss.guru/coop_bf
# Details
Webkit's back-forward cache appears to be broken for pages that set COOP: same-origin. Reproduction steps:
1. User is on a page without a COOP header
2. User clicks a link to a page that sets COOP same-origin
3. User clicks the back button followed by the forward button
4. In Safari's UI, the page appears to hang while loading. Safari devtools show no pending request or errors in the console. Using an intercepting proxy one can see that Safari is making an infinite loop of requests to the page that sets COOP same-origin
5. If the page is modified to set COOP unsafe-none or if COOP support is disabled in Safari, the back-forward navigation completes successfully
Demo site: https://coop.xss.guru/coop_bf
Demo video: https://drive.google.com/file/d/1-fqOwhx549GSzrlyFx9fbXK9uepC7J8j/view
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
David Dworken
I just spotted https://bugs.webkit.org/show_bug.cgi?id=237137 which appears to be about the same behavior.
Radar WebKit Bug Importer
<rdar://problem/90106601>
Brent Fulgham
*** This bug has been marked as a duplicate of bug 235475 ***