Open Bug 1732513 Opened 4 years ago Updated 4 years ago

iframe with srcdoc sometimes prefers cached srcdoc over fresh srcdoc

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Version:
Firefox 92
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox92 --- affected

People

(Reporter: otktlhvzzpgbgczwqt, Unassigned, NeedInfo)

References

Details

(Keywords: parity-chrome)

Attachments

(2 files)

Firefox srcdoc caching.webm
1.43 MB, video/webm
Details
bug_1732513.py, python3 script linked to in #c3
1.79 KB, text/x-python
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Load a page that sends Cache-Control: no-store as a header and has an iframe with the srcdoc attribute. Then either close and reopen the tab, click a link on the page and navigate back to it, or navigate back and forwards.

Actual results:

The page is reloaded but the content of the iframe is the same as before.

If there is an additional iframe on the reloaded page then the one that appears first in the document will always be the one that shows the cached content.

Expected results:

On page reload the iframes should have always shown what was provided in srcdoc on that request instead of a previous request. An iframe srcdoc should not be cached if its parent document is not being cached.

Hi,

Thanks for attaching a video. I do not have the technical knowledge to test this on my end.
I will assign a proper product and component for visibility.

Thanks,

Estanislao

Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core

(In reply to otktlhvzzpgbgczwqt from comment #0)

Created attachment 9242898 [details]
Firefox srcdoc caching.webm

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Load a page that sends Cache-Control: no-store as a header and has an iframe with the srcdoc attribute. Then either close and reopen the tab, click a link on the page and navigate back to it, or navigate back and forwards.

Actual results:

The page is reloaded but the content of the iframe is the same as before.

If there is an additional iframe on the reloaded page then the one that appears first in the document will always be the one that shows the cached content.

Expected results:

On page reload the iframes should have always shown what was provided in srcdoc on that request instead of a previous request. An iframe srcdoc should not be cached if its parent document is not being cached.

Thanks for reporting this. In order to reproduce the issue, is it possible to share the needed code?

Definitely: https://paste.uguu.se/?ddcf39799a8c87b9#HGbRxVNKEbJFXnd8z5Zb914NnfcrXS7HWzZvggxhsJRa

When I tested this again just now it looked like I couldn't replicate the video but I was mistaken, it was because I was navigating to the iframe page via a hyperlink instead of going there directly.
If you click a link to go to the iframe page and then do the back and forwards thing, then the iframes still show the old contents but they do update on ctrl+r refresh. But if instead you directly go to the iframe page in a new tab, then the iframes do not update on ctrl+r refresh.

(In reply to otktlhvzzpgbgczwqt from comment #3)

Definitely: https://paste.uguu.se/?ddcf39799a8c87b9#HGbRxVNKEbJFXnd8z5Zb914NnfcrXS7HWzZvggxhsJRa

Thanks.

When I tested this again just now it looked like I couldn't replicate the video but I was mistaken, it was because I was navigating to the iframe page via a hyperlink instead of going there directly.
If you click a link to go to the iframe page and then do the back and forwards thing, then the iframes still show the old contents but they do update on ctrl+r refresh. But if instead you directly go to the iframe page in a new tab, then the iframes do not update on ctrl+r refresh.

Interestingly, with Fission enabled, the iframe isn't updated even before going back- and forwards. That should be dealt with in a separate ticket.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: parity-chrome
See Also: → 1028527
Whiteboard: parity-chrome,
Component: DOM: Core & HTML → Session Restore
Product: Core → Firefox

If the srcdoc has an external script (on the same origin, e.g. /script.js) and the parent document has CSP script-src 'self', then whenever the script is allowed to execute on the first visit, it becomes blocked by CSP on the second visit (after going back and forwards):

iframe CSP 1 2
-
origin
nonce

This is the full table and this is what I used to test. Maybe relatedly there are cases where CSP 'self' inside the iframe blocks the site's origin, i.e. https://bugzilla.mozilla.org/show_bug.cgi?id=1567970.

Another thing is that if you go to a page with one iframe (and stay there, don't go back and forwards) then if you ctrl+r refresh when there's a javascript alert on the screen the iframe will not update.

The severity field is not set for this bug.
:dao, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dao+bmo)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: