Open Bug 1368664 Opened 5 years ago Updated 3 months ago
Use Vary header when matching HTTP/2 pushed items
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Steps to reproduce: I built a little test suite thing for this: https://github.com/jakearchibald/http2-push-test/ The test is served at /vary-cookie/, which pushes a request that has "Cookie: val=a", and the pushed response has "Vary: Cookie". 1. Press the "Set cookie b" button, this sets val=b 2. Press "Fetch with credentials" & observe the console Actual results: 4 random numbers are logged. This is the pushed resource. Expected results: "NOT FROM PUSH" - because the pushed resource should not have matched.
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
It'd be interesting to see if the cache did this for a non-push request; my WPT tests didn't cover cases where the cookie was changed. Will give it a go ~tomorrow (currently in the air).
Bulk priority update: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee: mcmanus → nobody
Status: ASSIGNED → NEW
You need to log in before you can comment on or make changes to this bug.