RESOLVED DUPLICATE of bug 235475 237566
Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history navigations 
https://bugs.webkit.org/show_bug.cgi?id=237566
Summary Setting `Cross-Origin-Opener-Policy: same-origin` breaks back-forward history...
David Dworken
Reported 2022-03-07 16:23:47 PST
# Summary If a page sets `Cross-Origin-Opener-Policy: same-origin`, Safari hangs while loading the page if the user hits the back button and then the forward button. See this demo: https://coop.xss.guru/coop_bf # Details Webkit's back-forward cache appears to be broken for pages that set COOP: same-origin. Reproduction steps: 1. User is on a page without a COOP header 2. User clicks a link to a page that sets COOP same-origin 3. User clicks the back button followed by the forward button 4. In Safari's UI, the page appears to hang while loading. Safari devtools show no pending request or errors in the console. Using an intercepting proxy one can see that Safari is making an infinite loop of requests to the page that sets COOP same-origin 5. If the page is modified to set COOP unsafe-none or if COOP support is disabled in Safari, the back-forward navigation completes successfully Demo site: https://coop.xss.guru/coop_bf Demo video: https://drive.google.com/file/d/1-fqOwhx549GSzrlyFx9fbXK9uepC7J8j/view
Attachments
Add attachment proposed patch, testcase, etc.
David Dworken
Comment 1 2022-03-07 16:30:13 PST
I just spotted https://bugs.webkit.org/show_bug.cgi?id=237137 which appears to be about the same behavior.
Radar WebKit Bug Importer
Comment 2 2022-03-10 10:19:07 PST
<rdar://problem/90106601>
Brent Fulgham
Comment 3 2022-06-23 15:50:43 PDT
*** This bug has been marked as a duplicate of bug 235475 ***
Note You need to log in before you can comment on or make changes to this bug.