Closed Bug 340041 Opened 19 years ago Closed 12 years ago

Work Offline mode allows browsing of no-store flagged content from memory cache.

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 593140

People

(Reporter: steve_bugzilla, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ANZ Banking Group; .NET CLR 2.0.50727) Build Identifier: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 When accessing a page where Cache-Control: no-store headers are sent, going into "Offline mode" after moving away from that page allows the user to access it via the back/forward buttons and the History list. This behaivour contradicts comments in related bugs: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=261312#c7">261312</a> Dan Fisher says - "fwiw, we do keep 'no-store' content in the memory cache until it is expired via LRU eviction, but we don't show it on back/forward because that is the behavior that many web apps expect. we keep 'no-store' content in the cache so that users can save it to disk if they choose, view the source of the page, or print the content (in the case of images), etc. but, for session history navigation a server hit is required." This is also covered in <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=112564#c45">112564</a> which mentions that no-store pages are only accessible from about:cache, but it seems that the content is also accessible via back/forward and history when the user enters Offline Mode. A related defect regarding Offline mode and no-cache is <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=328835">328835</a> Reproducible: Always Steps to Reproduce: 1. Access page with Cache-Control: no-store set 2. Navigate away from the page 3. Choose File-> Work Offline 4. Click 'back' button Also accessible from History sidebar after a tab has been closed. Actual Results: Page is displayed without trying to hit the server (as Work Offline is enabled). Expected Results: Screen should be displayed telling the user they are in offline mode and will have to connect to view the page (same as any other request requiring network access in Offline mode). The actual header we are sending on the page we are experiencing this issue is: HTTP/1.x 200 OK Connection: close Date: Mon, 29 May 2006 00:21:29 GMT Server: Microsoft-IIS/6.0, WebSphere Application Server/5.1 Cache-Control: no-cache, private, no-store, max-age=0 Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html;charset=ISO-8859-1 Content-Language: en-AU The site is a secure site (https) but additional testing shows this also happens on non secure sites. Only GET requests seem to be affect, as POST requests require the re-sending of POSTDATA and will try to re-hit the server.
FYI: You can reference bugs in Bugzilla just by typing "Bug 123456", Bugzilla will auto-linkify them (same for "Bug 123456 Comment 1").
Component: History → Networking: Cache
Product: Firefox → Core
QA Contact: history → networking.cache
Version: unspecified → Trunk
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.