Closed Bug 1068415 Opened 10 years ago Closed 8 years ago

bfcache should store pages with HTTPS and Cache-Control: "no-cache"

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Version:
33 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 567365

People

(Reporter: rolyc5, Unassigned)

Details

(Whiteboard: DUPEME) 

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20140911191954

Steps to reproduce:

Logged into https://www.reddit.com/  
Clicked on comments link to load another reddit page within the same tab.  
Clicked the back-arrow button to navigate to previous page.  


Actual results:

Firefox fetched the homepage again instead of loading it from cache, making Firefox "feel" slow.  (https://www.reddit.com/r/firefox/comments/2gluvg/is_firefox_just_getting_slower/ckkcpig)


Expected results:

Firefox should behave like it does on non-https pages and load from cache.
Component: Untriaged → Networking: Cache
Product: Firefox → Core
Will take a look.
Assignee: nobody → honzab.moz
Confirming.  Reproducible with the current nightly (m-c) and cache2=on.  Irreproducible with cache2=off.
Status: UNCONFIRMED → NEW
Ever confirmed: true
So, I forgot to keep me logged in (second attempt with cache2=off I was logged off from reddit).

So, retested more carefully and I can reproduce this even with cache2=off.  I can also reproduce this in Fx31/clean profile where cache2 is off by default.

This is not a cache2 regressions.



These are the responses for https://www.reddit.com/


not logged in

http response [
  HTTP/1.1 200 OK
  Server: cloudflare-nginx
  Date: Thu, 18 Sep 2014 13:37:20 GMT
  Content-Type: text/html; charset=UTF-8
  x-ua-compatible: IE=edge
  X-Frame-Options: SAMEORIGIN
  x-content-type-options: nosniff
  X-XSS-Protection: 1; mode=block
  Vary: Accept-Encoding
  x-moose: majestic
  Cache-Control: max-age=0
  cf-cache-status: EXPIRED
  Expires: Thu, 18 Sep 2014 13:37:20 GMT ( log time: 2014-09-18 13:37:11.880000 )
  cf-ray: 16bdf0011bba105b-CDG
  Content-Encoding: gzip
  X-Firefox-Spdy: 3.1
]


logged in:

http response [
  HTTP/1.1 200 OK
  Server: cloudflare-nginx
  Date: Thu, 18 Sep 2014 13:42:20 GMT
  Content-Type: text/html; charset=UTF-8
  x-ua-compatible: IE=edge
  Cache-Control: no-cache, no-cache
  Pragma: no-cache
  X-Frame-Options: SAMEORIGIN
  x-content-type-options: nosniff
  X-XSS-Protection: 1; mode=block
  Vary: accept-encoding
  x-moose: majestic
  cf-ray: 16bdf7547b83104f-CDG
  Content-Encoding: gzip
  X-Firefox-Spdy: 3.1
]


Boris, can you confirm that

  Cache-Control: no-cache, no-cache
  Pragma: no-cache

in the response prevents use of bfcaching?  Or would there be a different reason?

I'm actually asking if this is a Firefox bug or we should convert this to a evangelism bug to reddit.
Assignee: honzab.moz → nobody
Status: NEW → UNCONFIRMED
Ever confirmed: false
Flags: needinfo?(bzbarsky)
Yes, we explicitly don't bfcache https things that are no-cache, so you can't just hit "back" to view a bank site you logged out of, say.  See nsDocShell::ShouldDiscardLayoutState and the check for that flag in nsDocShell::CanSavePresentation.

There are lots of old bugs with discussion about this.
Flags: needinfo?(bzbarsky)
Whiteboard: DUPEME
This behavior is very annoying. HTTPS is for transport security. Local security is my job. There really should be a preference to disable it, or at least something in about:config.

This behavior makes the https user experience considerably worse than the http one, and is therefore an impediment to opportunistic encryption.
Dup of bug 567365 and/or bug 261312?
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.