RESOLVED FIXED
Bug 281175
Using Cross-Origin-Opener-Policy HTTP header may corrupt the back/forward list
https://bugs.webkit.org/show_bug.cgi?id=281175
Chris Dumez
Reported 2024-10-09 16:41:07 PDT
Using Cross-Origin-Opener-Policy HTTP header may corrupt the back/forward list:

> Got a better repro (thanks to a colleague, David Taylor).
>
> https://d5.musaraj.com and https://d6.musaraj.com are identical, but d5 has the COOP header, d6 doesn't. The HTML for both is:
>
> ```
> <ol>
>   <li><button onclick="window.history.pushState({}, null, '/foo')">Click me</button></li>
>   <li>Use browser to go 'back' one step</li>
>   <li><a href="https://d4.musaraj.com">Then click me</a></li>
> </ol>
> ```
>
> https://d4.musaraj.com has this HTML:
>
> ```
> <script>document.write(`window.location is ${window.location}`)</script>
> ```
>
> Can see that window history gets corrupted with steps followed in d5 but not with d6.

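
A local stand-in for the three hosts in the report, so the steps can be run against a given build with the COOP header as the only difference between the two repro origins. This is an added example, not part of the original report or of WebKit's tests; the ports, the `--serve` flag and the `same-origin` COOP value are assumptions, since the report does not say which value d5 sends.

```javascript
// Added example: local stand-in for the d5 / d6 / d4 hosts from the report.
// Ports and the COOP value are assumptions; the report gives neither.
// localhost ports are same-site but cross-origin, like the d4/d5/d6 subdomains.
const SITES = {
  8005: { role: 'repro', coop: 'same-origin' }, // like d5: COOP header set
  8006: { role: 'repro', coop: null },          // like d6: no COOP header
  8004: { role: 'target', coop: null },         // like d4: prints window.location
};
const TARGET_URL = 'http://localhost:8004/';

// HTML from the report, with the d4 link pointed at the local target.
const REPRO_HTML = `<!doctype html>
<ol>
<li><button onclick="window.history.pushState({}, null, '/foo')">Click me</button></li>
<li>Use browser to go 'back' one step</li>
<li><a href="${TARGET_URL}">Then click me</a></li>
</ol>`;
const TARGET_HTML =
  '<!doctype html><script>document.write(`window.location is ${window.location}`)</script>';

// Pure function so the header/body choice can be checked without a socket.
// The path is ignored, so /foo (set by pushState) serves the same page as /.
function buildResponse(port) {
  const site = SITES[port];
  if (!site) return { status: 404, headers: {}, body: 'unknown port' };
  const headers = { 'Content-Type': 'text/html; charset=utf-8' };
  if (site.coop) headers['Cross-Origin-Opener-Policy'] = site.coop;
  return { status: 200, headers, body: site.role === 'repro' ? REPRO_HTML : TARGET_HTML };
}

// Start one listener per port; only runs when invoked with --serve.
async function serve() {
  const http = await import('node:http');
  for (const port of Object.keys(SITES).map(Number)) {
    http.createServer((req, res) => {
      const r = buildResponse(port);
      res.writeHead(r.status, r.headers);
      res.end(r.body);
    }).listen(port, 'localhost', () => console.log(`http://localhost:${port}/`));
  }
}
if (process.argv.includes('--serve')) serve();
```

Run the file with `--serve`, follow the three steps on `http://localhost:8005/` and then on `http://localhost:8006/`, and compare the `window.location` that the target page prints in each case.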
Radar WebKit Bug Importer
Comment 1 2024-10-09 16:41:29 PDT
Chris Dumez
Comment 2 2024-10-09 16:42:44 PDT
This is a follow-up to Bug 274310 as it still appears to be broken.
Chris Dumez
Comment 3 2024-10-22 20:11:45 PDT
I have a fix (actually 2 ways: one more complete but a bit more risky, and another very limited but safe). I'm working on a test now.
Chris Dumez
Comment 4 2024-10-23 17:04:52 PDT
EWS
Comment 5 2024-10-26 13:46:02 PDT
Committed 285729@main (2b008f6776a2): <https://commits.webkit.org/285729@main> Reviewed commits have been landed. Closing PR #35657 and removing active labels.
EWS
Comment 6 2024-11-07 12:03:45 PST
Committed 283286.449@safari-7620-branch (1b35def6ef77): <https://commits.webkit.org/283286.449@safari-7620-branch> Reviewed commits have been landed. Closing PR #2240 and removing active labels.
Penar Musaraj
Comment 7 2024-11-11 11:51:09 PST
I can still repro this issue on latest Safari TP, release 207. I cannot reproduce it on an early archive build, 285848@main from October 29.