RequestPolicy / requestpolicy

RequestPolicy is a Firefox extension that gives you control over cross-site requests. --- Be sure to look at the dev-1.0 branch as that's where all of the interesting work is happening. See also: https://www.requestpolicy.com/1.0.html
https://www.requestpolicy.com/

Sometimes meta refresh confuses the request origin #179

Open jsamuel opened 12 years ago

jsamuel commented 12 years ago
imported trac ticket
created: 2011-02-05 04:11:24
reporter: emk

Steps to reproduce:

  1. Allow requests from "adobe.co.jp" to "adobe.com".
  2. Go to http://www.linelabo.com/index001.htm
  3. Click the link "Adobe Acrobat Reader" at the bottom of the page which links to http://www.adobe.co.jp/products/acrobat/readstep.html

Expected result: It should redirect to http://www.adobe.com/jp/products/acrobat/readstep.html, then refresh to http://www.adobe.com/jp/products/acrobat/readstep2.html.

Actual result: Refresh fails. Even the infobar is not displayed. The request log claims the origin is http://www.linelabo.com/index001.htm, which should be http://www.adobe.co.jp/products/acrobat/readstep.html. Interestingly, if you visit http://www.adobe.co.jp/products/acrobat/readstep.html directly, refresh succeeds.

jsamuel commented 12 years ago
imported trac comment
created: 2011-02-05 04:17:10
author: emk

> Request log claims the origin is http://www.linelabo.com/index001.htm which should be http://www.adobe.co.jp/products/acrobat/readstep.html.

Sorry, the origin should be http://www.adobe.com/jp/products/acrobat/readstep.html.

jsamuel commented 12 years ago
imported trac comment
created: 2011-02-05 13:00:55
author: justin

I think this may be a duplicate of #176. I've tested and the only odd behavior I get is that the redirect notification isn't shown if http://www.adobe.co.jp/products/acrobat/readstep.html is cached. I never actually get a blocked request unless it's my first time clicking the link, I've cleared the cache, or I've refreshed that page. Rather, when it fails, it's because the cached page is shown and no redirect is even attempted (because it came from cache and there was no Location response header as a result, possibly because the earlier cached page had it stripped by RequestPolicy when the redirect was initially blocked).

Could you check whether this is what you're seeing? If it is, it's more reason for me to raise the priority of #176. Thanks.

jsamuel commented 12 years ago
imported trac comment
created: 2011-02-06 03:12:16
author: emk

I could always reproduce the problem even if I cleared the cache. I've even tested on a fresh profile. I get a blocked request again if I refresh on http://www.adobe.com/jp/products/acrobat/readstep.html. However, when I press enter on the location bar, the request is no longer blocked.

jsamuel commented 12 years ago
imported trac comment
created: 2011-09-05 10:34:23
author: justin

Unless the cause of this bug is diagnosed or it becomes a problem for more users, I'm postponing looking at this further until after version 1.0.