Double redirect (301) when using "Warn me when web sites try to redirect or reload the page"




7 years ago
7 years ago


(Reporter: restaurant, Unassigned)


(Depends on: 1 bug, Blocks: 1 bug)

6 Branch
Windows XP
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)



(2 attachments)



7 years ago
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.1) Gecko/20100101 Firefox/6.0.1
Build ID: 20110830092941

Steps to reproduce:

We enabled "Warn me when web sites try to redirect or reload the page"
(Tools > Settings > Advanced > General > Accessibility)

We use a web framework that uses 301 redirects. In our case, the redirect reloads the current page.

Actual results:

When "Warn me when web sites try to redirect or reload the page" is enabled, a redirect is immediately executed without waiting for user input. An information bar pops up nontheless and on confirmation a second redirect is sent. So the request gets sent twice.

Expected results:

The redirect should only be sent after user confirmation via the information bar.

Comment 1

7 years ago
I do not even get this prompt when 301 redirection is used (on sites like or Can you provide an URL where this feature 'works' (displays the prompt)?

Comment 2

7 years ago
I'm sorry, I can't provide a link. In my case, this happens in a local development environment.

Comment 3

7 years ago
I get the prompt on pages that use <META HTTP-EQUIV="Refresh" CONTENT="0;URL=xxx">. It seems to work correctly, asks before redirect.
I can't get the prompt to open on any reply that has HTTP status of 301. That seems to be in line with bug 510186.
Are you sure you get the prompt on 301 redirects?
Depends on: 510186

Comment 4

7 years ago
I also don't get prompted on 301 redirects. The option is documented to work only if a refresh header or meta refresh is present:

It would really help to have a URL that shows the problem. Could you put up a temporary page or something?

Comment 5

7 years ago
You can reproduce the bug with the following URL:

login: smsDEMO / 12345

After you click "Anmelden", a POST is sent which is answered by a 302 redirect. This redirect is immediately performed. On the screenshot you can see that the information bar pops up for user confirmation that would result in a second undesired GET request if confirmed.

Comment 6

7 years ago
Created attachment 559085 [details]
reproduce - login page

Comment 7

7 years ago
Created attachment 559086 [details]
reproduce - redirect result

Comment 8

7 years ago
In the example described above it's a 302 instead of a 301. I'm not sure whether that makes a difference...


7 years ago
Blocks: 685496

Comment 9

7 years ago
The 302 or 301 should have no influence on the information bar. It should not appear (see bug 510186). Notice there is a <meta refresh> tab in the main page. If you have the warning disabled, you won't get the refresh/redirection (only after 720 seconds). If you have the warning enabled, it shows immediatelly. If you click it, it redirects you to a session expiration page. That is bug 417770.

Do you have any other page to test?
You need to log in before you can comment on or make changes to this bug.