Closed Bug 1802112 Opened 2 years ago Closed 2 years ago

Wrong cache behavior.

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Version:
Firefox 107
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: kozeluh, Unassigned)

Details

Attachments

(4 files)

screenshot
2.48 KB, image/png
Details
Cached file.
120.92 KB, image/png
Details
2022-11-25 15_13_33-Window.png
4.49 KB, image/png
Details
2022-11-25 15_15_59-Window.png
16.92 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0

Steps to reproduce:

Configure old router on http://192.168.0.1:8080, replacing router with a new one with same IP but http on 80 (e.g. http://192.168.0.1 or http://192.168.0.1:80). Browser won't open login dialog instead it redirects to a dead page on port 8080. Chromium opens web page correctly. Probably it's because of old cached page which redirect to port 8080 but it should't overwrite the address again after manual repair of address. Probably it could be used for browser hijack.

Actual results:

Unable to open new login page.

Expected results:

Do not overwrite manually added port number on address bar! Never!

The Bugbug bot thinks this bug should belong to the 'Firefox::Address Bar' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Address Bar
Attached image screenshot

Is the urlbar autofilling the port like in the screenshot I'm posting (I typed the non selected part), or when you press enter there is the exact right url in the urlbar, but it then redirects to the wrong one?

Flags: needinfo?(kozeluh)

Old router worked on 8080 but there was redirect from 80 (I'll open 192.168.0.1 and it's immediately redirects to 192.168.0.1:8080). I think it cached simple page on port 80 and redirects to port 8080 even after router went offline. Unfortunately I'm not able use ctrl+f5 to refresh because of redirect.
But if I manually delete 80 or whole 8080 (address bar shows 192.168.0.1:80 or 192.168.0.1) it should recheck the page it's same like the one on cache.
I can imagine it could be used for malicious attack. Attacker will change for a short while home page with redirect code and returns it back. Nobody noticed home page change but few users will be redirected to malicious one.

Flags: needinfo?(kozeluh)

if you search for the domain (192.168.0.1) in the history sidebar (CTRL+H), right click on an Entry and pick Forget About This Site, is the problem resolved?

Flags: needinfo?(kozeluh)

Now working after forgetting history of 192.168.0.1:8080 it's redirecting to wrong page.

Flags: needinfo?(kozeluh)

Ok, sorry I must go by trial and error.
Could you please try going to about:preferences#privacy, click on the Manage Data button in the Cookies and Website Data section, check if 192.168.0.1 is in the list, select it and click on Remove Selected

is there any other entry in history sidebar pointing to that domain (ip actually)? Did you remove all of them?

Flags: needinfo?(kozeluh)

Nothing in history, nothing in the Manage Cookies and Site Data, still redirecting. Unfortunately I can't create new profile and try it on clean one. I don't have the router to reproduce it again. Now I have only testing Mikrotik, where I can put IP and try if it works or not.
And sorry for "Now" on my previous post, it should be "Not".

Flags: needinfo?(kozeluh)

OK, this is something either in network or cache, not sure, I don't think it's a urlbar bug anymore based on the above.

Component: Address Bar → Networking: Cache
Product: Firefox → Core

Hi, can you check in about:cache if you have any entries for http://192.168.0.1 ? If there is one, can you post its contents here?
There might indeed be a cached redirect.
It could be that the cache entry is still valid.
Or it could be a bug that we end up using it. Or there could be something else.
If there are no entries in about:cache, could you capture some http logging for us? Thanks!

Flags: needinfo?(kozeluh)

Hi, there are cached pages from old router and there is also page http://192.168.0.1:8080 where it took the redirect.

Flags: needinfo?(kozeluh)
Attached image Cached file.

Here is screen show about:cache with cached redirect page.

Is there any entry for http://192.168.0.1 (no port) ?

PS. If there is please click on it and post the contents here (I mostly care about the headers)

Yes it is.

Sorry, I've read the PS after posting previous picture.

The problem here is that the previous router sent back a redirect with no expiration or cache-control headers. That means the response is cached and valid.
I've confirmed that this scenario works the same in other browsers.
You can fix it by clearing the HTTP cache. Press Ctrl-Shift-Delete, Time range: Everything, only check Cache.
Thanks!

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: