Saving POST result page silently resends POST data if page no longer in cache

NEW
Unassigned

Status

()

defect
--
critical
11 years ago
7 years ago

People

(Reporter: bzbarsky, Unassigned)

Tracking

(Depends on 1 bug, {uiwanted})

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

STEPS TO REPRODUCE:

1)  Load a POST result page
2)  Clear the cache.
3)  File > Save As
4)  Save as "HTML only"
5)  Either make an HTTP log as you do this, or have access to the server, or use
    a server that produces different output on every POST.

EXPECTED RESULTS: No silent repost

ACTUAL RESULTS: silent repost

Now that bug 84106 is fixed, we'll at least _try_ to hit the cache before reposting, but if the content has expired from cache we'll happily redo the POST.  If you're saving a purchase confirmation page, you might end up repeating the purchase as a result.

For history traversal, we make sure to never do this.  If the POST page is not cached, we put up a dialog asking the user whether to resend the POST data.

Is that the behavio we want here?  Do we want something else (like just aborting the save operation)?

Comment 1

11 years ago
What happens if you Ctrl A, right-click -> View Selection Source, then in the "DOM Source of Selection" window do File -> Save Page As...?
If that doesn't repost could this be the wanted behaviour?
> What happens if

That calls ViewSourceSavePage(), which does a GET on the original page URL.  So it's completely broken for POST pages no matter what.  Want to file a bug on that?
(In reply to comment #2)
I think that's bug 469302, is it fixed on trunk and branch?
No, it is NOT bug 469302.  That bug is about the source shown.  Comment 2 is about the source saved (which is distinctly different from what's shown).  Neither has anything to do with this bug.

Updated

11 years ago
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk

Comment 5

10 years ago
"Please pay me $5 via PayPal and save two copies of the confirmation page -- one for your files and one to send to me."

Updated

10 years ago
Blocks: 485196
Need UI spec; see end of comment 0.
Keywords: uiwanted

Comment 7

10 years ago
Some development references:

* The place where the "web browser persist" component sets the channel
   properties, to control whether an URL is loaded from the cache:

http://mxr.mozilla.org/mozilla-central/source/embedding/components/webbrowserpersist/src/nsWebBrowserPersist.cpp#1194

* The place where the docshell sets the HTTP channel properties, to control
   whether an URL is loaded *only* from the cache:

http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#7532

* The docshell code that handles the case where a document was not found in
   the cache, and asks the user whether to repost:

http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsWebShell.cpp#1198

* The actual repost dialog implementation:

http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#8991


The open question from comment 0 is still if, when "Save As" requires a repost,
we should:
 * Put up a dialog asking the user whether to resend the POST data
 * Abort the save
 * Something else

Comment 8

10 years ago
Noting related bug 177329.

Updated

10 years ago
Depends on: 486921

Comment 9

9 years ago
This should block bug 288462
You need to log in before you can comment on or make changes to this bug.