Work Offline mode allows browsing of no-store flagged content from memory cache.

RESOLVED DUPLICATE of bug 593140

Status

()

Core
Networking: Cache
RESOLVED DUPLICATE of bug 593140
12 years ago
6 years ago

People

(Reporter: Stephen Perry, Unassigned)

Tracking

Trunk
x86
All
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ANZ Banking Group; .NET CLR 2.0.50727)
Build Identifier: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

When accessing a page where Cache-Control: no-store headers are sent, going into "Offline mode" after moving away from that page allows the user to access it via the back/forward buttons and the History list. 

This behaivour contradicts comments in related bugs:

<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=261312#c7">261312</a>
Dan Fisher says -
"fwiw, we do keep 'no-store' content in the memory cache until it is expired via
LRU eviction, but we don't show it on back/forward because that is the behavior
that many web apps expect.  we keep 'no-store' content in the cache so that
users can save it to disk if they choose, view the source of the page, or print
the content (in the case of images), etc.  but, for session history navigation a
server hit is required."

This is also covered in <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=112564#c45">112564</a> which mentions that no-store pages are only accessible from about:cache, but it seems that the content is also accessible via back/forward and history when the user enters Offline Mode. 

A related defect regarding Offline mode and no-cache is <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=328835">328835</a>

Reproducible: Always

Steps to Reproduce:
1. Access page with Cache-Control: no-store set
2. Navigate away from the page
3. Choose File-> Work Offline 
4. Click 'back' button

Also accessible from History sidebar after a tab has been closed. 

Actual Results:  
Page is displayed without trying to hit the server (as Work Offline is enabled).

Expected Results:  
Screen should be displayed telling the user they are in offline mode and will have to connect to view the page (same as any other request requiring network access in Offline mode).

The actual header we are sending on the page we are experiencing this issue is:
HTTP/1.x 200 OK
Connection: close
Date: Mon, 29 May 2006 00:21:29 GMT
Server: Microsoft-IIS/6.0, WebSphere Application Server/5.1
Cache-Control: no-cache, private, no-store, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-AU

The site is a secure site (https) but additional testing shows this also happens on non secure sites.

Only GET requests seem to be affect, as POST requests require the re-sending of POSTDATA and will try to re-hit the server.

Comment 1

12 years ago
FYI: You can reference bugs in Bugzilla just by typing "Bug 123456", Bugzilla will auto-linkify them (same for "Bug 123456 Comment 1").

Updated

12 years ago
Component: History → Networking: Cache
Product: Firefox → Core
QA Contact: history → networking.cache
Version: unspecified → Trunk
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 593140
You need to log in before you can comment on or make changes to this bug.