Bug 281175
| Summary: | Using Cross-Origin-Opener-Policy HTTP header may corrupt the back/forward list | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebKit2 | Assignee: | Chris Dumez <cdumez> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | jarek, kkinnunen, pmusaraj, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=274310 | ||
Chris Dumez
Using Cross-Origin-Opener-Policy HTTP header may corrupt the back/forward list:
Got a better repro (thanks to a colleague, David Taylor).
https://d5.musaraj.com and https://d6.musaraj.com are identical, but d5 has the COOP header, d6 doesn't. The HTML for both is:
```html
<ol>
<li><button onclick="window.history.pushState({}, null, '/foo')">Click me</button></li>
<li>Use browser to go 'back' one step</li>
<li><a href="https://d4.musaraj.com">Then click me</a></li>
</ol>
```
https://d4.musaraj.com has this HTML:
```html
<script>document.write(`window.location is ${window.location}`)</script>
```
You can see that the window history gets corrupted with the steps followed on d5 but not on d6.
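A local stand-in for the d4/d5/d6 setup, added here as an example and not part of the bug report or of WebKit: a small Python server that serves the repro page above with and without a `Cross-Origin-Opener-Policy` header so the two variants can be compared side by side in a browser. The report does not state which COOP value d5 sent, so `same-origin` is assumed, and the three hosts are replaced by three loopback ports, which is only a stand-in for the separate hosts used in the original.

```python
"""Serve the repro page from the report with and without a
Cross-Origin-Opener-Policy header (added example, not from the bug report)."""
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Page content from the report; TARGET is replaced with the "d4" URL at startup.
REPRO_HTML = b"""<ol>
<li><button onclick="window.history.pushState({}, null, '/foo')">Click me</button></li>
<li>Use browser to go 'back' one step</li>
<li><a href="TARGET">Then click me</a></li>
</ol>"""

# Content of the d4 page from the report.
TARGET_HTML = b"<script>document.write(`window.location is ${window.location}`)</script>"


def response_headers(with_coop: bool, coop_value: str = "same-origin") -> dict:
    """Response headers for one variant of the page.

    The report does not say which COOP value d5 sent; "same-origin" is an
    assumption. Caching is disabled so back/forward always hits the server.
    """
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-store",
    }
    if with_coop:
        headers["Cross-Origin-Opener-Policy"] = coop_value
    return headers


def make_handler(body: bytes, with_coop: bool):
    """Build a request handler that always answers with `body` and the
    headers for the chosen variant."""

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            for name, value in response_headers(with_coop).items():
                self.send_header(name, value)
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, format, *args):
            # One line per request so the back/forward traffic is visible.
            print(f"[{self.server.server_address[1]}] {self.path}")

    return Handler


def serve(port: int, body: bytes, with_coop: bool) -> ThreadingHTTPServer:
    """Start a server on 127.0.0.1:port in a background thread and return it."""
    server = ThreadingHTTPServer(("127.0.0.1", port), make_handler(body, with_coop))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Port numbers are arbitrary stand-ins for d4/d5/d6.
    target_url = b"http://127.0.0.1:8004/"
    page = REPRO_HTML.replace(b"TARGET", target_url)
    serve(8004, TARGET_HTML, with_coop=False)  # stand-in for d4
    serve(8005, page, with_coop=True)          # stand-in for d5 (COOP)
    serve(8006, page, with_coop=False)         # stand-in for d6 (no COOP)
    print("Open http://127.0.0.1:8005/ (COOP) and http://127.0.0.1:8006/ (no COOP),")
    print("follow the three steps, and compare the location printed by the d4 page.")
    threading.Event().wait()  # keep the main thread alive until Ctrl-C
```

Different loopback ports are different origins, so the COOP comparison between the repro page and the target page is still exercised, but the original repro used separate hosts; treat a local run as a convenience for comparing the two header variants and confirm any result against real hosts before relying on it.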
Radar WebKit Bug Importer
<rdar://problem/137635838>
Chris Dumez
This is a follow-up to Bug 274310 as it still appears to be broken.
Chris Dumez
I have a fix (actually 2 ways: one more complete but a bit more risky, and another very limited but safe). I'm working on a test now.
Chris Dumez
Pull request: https://github.com/WebKit/WebKit/pull/35657
EWS
Committed 285729@main (2b008f6776a2): <https://commits.webkit.org/285729@main>
Reviewed commits have been landed. Closing PR #35657 and removing active labels.
EWS
Committed 283286.449@safari-7620-branch (1b35def6ef77): <https://commits.webkit.org/283286.449@safari-7620-branch>
Reviewed commits have been landed. Closing PR #2240 and removing active labels.
Penar Musaraj
I can still repro this issue on latest Safari TP, release 207.
I cannot reproduce it on an early archive build, 285848@main from October 29.