Open Bug 1312490 Opened 8 years ago Updated 2 years ago

location.href returns URL of domain on error pages

Categories

(Core :: DOM: Core & HTML, defect, P3)

49 Branch
defect

UNCONFIRMED
Tracking Status
platform-rel --- +

People

(Reporter: gregwhitworth, Unassigned)

Details

(Whiteboard: [platform-rel-Microsoft][platform-rel-Edge])

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.14956

Steps to reproduce:

When running our API Usage crawler, we happened to be running during the DNS outage and wanted to find the URLs that failed due to this. One way of doing this was to look at the URLs for some hint that it failed. Take, for example, this URL, which isn't owned and thus fails: http://www.gregisawesome.com/


Actual results:

Now open the console and type location.href - what is returned is the domain that you are on, but the content being served is not actually from gregisawesome.com but from the DNS error page within Firefox.


Expected results:

All of the APIs should reference what is actually being seen by the user, for example Edge shows the following values for location.href: "ms-appx-web://microsoft.microsoftedge/assets/errorpages/dnserror.html#http://gregisawesome.com/"

And Chrome provides the following: data:text/html,chromewebdata
Andrew, does this fall under DOM?
Flags: needinfo?(overholt)
Component: Untriaged → DOM
Product: Firefox → Core
baku, can you take a look?
Flags: needinfo?(overholt) → needinfo?(amarchesini)
platform-rel: --- → ?
Whiteboard: [platform-rel-Microsoft][platform-rel-Edge]
Why would a browser reveal some of its internal state to the web?

I consider Edge and Chrome behavior a bug here.
Anne, has error page loading been considered to be spec'ed?
Flags: needinfo?(annevk)
https://github.com/whatwg/html/issues/125 is the furthest we got (input welcome). Personally I'd like to make error pages cross-origin at which point I'm not sure how you'd ever be able to retrieve location.href from them.
Flags: needinfo?(annevk)
yeah, I agree, they should be cross-origin.
I totally agree with comment 3. I don't think we should expose internal pages.
I prefer to wait until we take a decision in https://github.com/whatwg/html/issues/125
Flags: needinfo?(amarchesini)
Priority: -- → P3
Is it possible to change it to null or "" until the spec is updated?
platform-rel: ? → +
Rank: 52
Greg, I don't understand your setup. How do you even get this value? Some kind of privileged access?
This is using WebDriver - so yes, privileged.
Flags: needinfo?(annevk)
If you have privileged access surely you don't need to look at location.href to find out if you're on an error page?
Flags: needinfo?(annevk)
@Anne - do I need it? No, but I'm only needing to add in this code due to this interop issue so it would be good to get this defined in some manner because if I hit it I'm sure others will as well.
That's fair and I'm not necessarily opposed to Firefox aligning. Anything that's not observable from the web is somewhat immaterial to me.
Component: DOM → DOM: Core & HTML
Severity: normal → S3
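
The location.href values quoted in this report, turned into a crawler-side classifier. This is an added example, not code from the bug or from any commenter; `classifyHref`, `normalize` and the returned object shape are assumptions made for illustration.

```javascript
// Added example: constants are the literal values quoted in the report above.
const EDGE_ERROR_PREFIX =
  "ms-appx-web://microsoft.microsoftedge/assets/errorpages/";
const CHROME_ERROR_HREF = "data:text/html,chromewebdata";

// Canonicalise a URL string; null when it does not parse.
function normalize(u) {
  try {
    return new URL(u).href;
  } catch (e) {
    return null;
  }
}

// classifyHref is a hypothetical helper name, not a WebDriver or browser API.
function classifyHref(requestedUrl, observedHref) {
  if (observedHref === CHROME_ERROR_HREF) {
    // Chrome's value carries no trace of the URL that failed.
    return { state: "error-page", browser: "chrome", page: null, failedUrl: null };
  }
  if (observedHref.startsWith(EDGE_ERROR_PREFIX)) {
    // Edge puts the error page name in the path and the failed URL in the fragment.
    const hash = observedHref.indexOf("#");
    const end = hash === -1 ? observedHref.length : hash;
    return {
      state: "error-page",
      browser: "edge",
      page: observedHref.slice(EDGE_ERROR_PREFIX.length, end),
      failedUrl: hash === -1 ? null : normalize(observedHref.slice(hash + 1)),
    };
  }
  const want = normalize(requestedUrl);
  const got = normalize(observedHref);
  if (want !== null && want === got) {
    // Firefox as reported: href matches the request even on the DNS error
    // page, so this value alone cannot separate success from failure.
    return { state: "indeterminate", browser: null, page: null, failedUrl: null };
  }
  return { state: "navigated-elsewhere", browser: null, page: null, failedUrl: null };
}
```

An "indeterminate" result means the crawler needs a signal other than location.href to decide whether the load failed.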