Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify "7.6.1 Navigating across documents" with respect to redirects and javascript: urls #314

Closed
eefriedman opened this issue Nov 6, 2015 · 7 comments
Assignees

Comments

@eefriedman
Copy link

I assume an HTTP redirect to a javascript: URL should be treated as a network error, but the spec isn't really clear.

@annevk
Copy link
Member

annevk commented Nov 6, 2015

I think that ends up working actually. Why would it be a network error? Should a redirect to a skype URL scheme be a network error? (Note that these schemes only work in navigation to begin with.)

@eefriedman
Copy link
Author

Hmm... let me try working through the steps again.

From the perspective of the browser, queuing a task to run the script works differently because it's asynchronous... but I guess that's not a fundamental problem, just annoying.

I guess it all works out except that the "If the origin of the source browsing context..." bit doesn't seem to account for the origin of the URL.

@annevk
Copy link
Member

annevk commented Nov 6, 2015

Okay, so one problem would be that you navigate to a cross-origin URL, that redirects to a javascript URL, and that ends up executing in the current browsing context. That does indeed seem bad.

Do you happen to have tested what browsers do today?

@eefriedman
Copy link
Author

Firefox and IE treat it as a network error. (IE gives "This page can’t be displayed...", Firefox gives "Corrupted Content Error".) Chrome aborts the navigation like a 204 response, regardless of the origin.

@annevk
Copy link
Member

annevk commented Jun 30, 2016

How would you like to be acknowledged for reporting this?

annevk added a commit that referenced this issue Jun 30, 2016
Redirect handling had the following issues that are now fixed:

* /a navigating to /b which redirects to /a#test would not unload /a.
* Headers set on the initial request were not preserved.
* Redirects to javascript URLs would not result in an error.
  Fixes #314.
* Location header was not parsed, and HTTP method was not changed
  where needed. Fixes #461.

Another source of complexity was the "gone async" mechanism, which
was used for two steps that could just as easily be factored out and
had to be since they were run synchronously, but should not be.

Changing that fixes #1446 which discusses the issue around unknown
URL schemes in more detail.
annevk added a commit that referenced this issue Jun 30, 2016
Redirect handling had the following issues that are now fixed:

* /a navigating to /b which redirects to /a#test would not unload /a.
* Headers set on the initial request were not preserved.
* Redirects to javascript URLs would not result in an error.
  Fixes #314.
* Location header was not parsed, and HTTP method was not changed
  where needed. Fixes #461.

Another source of complexity was the "gone async" mechanism, which
was used for two steps that could just as easily be factored out and
had to be since they were run synchronously, but should not be.

Changing that fixes #1446 which discusses the issue around unknown
URL schemes in more detail.
@annevk
Copy link
Member

annevk commented Jun 30, 2016

#1476 attempts to fix this.

@eefriedman
Copy link
Author

Just "Eli Friedman" is fine for an acknowledgement.

@annevk annevk closed this as completed in 8b630f5 Jul 4, 2016
alice pushed a commit to alice/html that referenced this issue Jan 8, 2019
Redirect handling had the following issues that are now fixed:

* /a navigating to /b which redirects to /a#test would not unload /a.
* Headers set on the initial request were not preserved.
* Redirects to javascript URLs would not result in an error.
  Fixes whatwg#314.
* Location header was not parsed, and HTTP method was not changed
  where needed. Fixes whatwg#461.

Another source of complexity was the "gone async" mechanism, which
was used for two steps that could just as easily be factored out and
had to be since they were run synchronously, but should not be.

Changing that fixes whatwg#1446 which discusses the issue around unknown
URL schemes in more detail.

multipart/x-mixed-replace no longer invokes the navigate algorithm 
halfway through, but instead invokes a dedicated algorithm.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

3 participants