Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Use Vary header when matching HTTP/2 pushed items

UNCONFIRMED
Assigned to

Status

()

Core
Networking: HTTP
UNCONFIRMED
2 months ago
a month ago

People

(Reporter: Jake Archibald, Assigned: mcmanus)

Tracking

({reproducible, testcase})

Trunk
reproducible, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [necko-active])

(Reporter)

Description

2 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce:

I built a little test suite thing for this: https://github.com/jakearchibald/http2-push-test/

The test is served at /vary-cookie/, which pushes a request that has "Cookie: val=a", and the pushed response has "Vary: Cookie".

1. Press the "Set cookie b" button, this sets val=b
2. Press "Fetch with credentials" & observe the console


Actual results:

4 random numbers are logged. This is the pushed resource.


Expected results:

"NOT FROM PUSH" - because the pushed resource should not have matched.
(Reporter)

Updated

2 months ago
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Assignee: nobody → mcmanus
Keywords: reproducible, testcase
Whiteboard: [necko-active]

Comment 1

a month ago
It'd be interesting to see if the cache did this for a non-push request; my WPT tests didn't cover cases where the cookie was changed. Will give it a go ~tomorrow (currently in the air).
You need to log in before you can comment on or make changes to this bug.