Closed Bug 89309 Opened 23 years ago Closed 23 years ago

Reload POSTed page doesn't rePOST or popup dialog, just re-renders

Categories

(Core :: DOM: Navigation, defect, P3)

Product:
Core
Component:
DOM: Navigation
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.0

People

(Reporter: greenrd, Assigned: radha)

References

(
URL
)

Details

Attachments

(1 file)

Patch to docshell
2.02 KB, patch
radha
: review+
rpotts
: superreview+
Details | Diff | Splinter Review
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010628 BuildID: 2001062823 When you submit a form using HTTP POST, and then click the reload button, confirmation dialog is not shown. This could cause multiple purchases on badly-designed ecommerce sites, e.g. buy.com. Correct behaviour occurs, however, if you hold down shift while clicking reload. Reproducible: Always Steps to Reproduce: 1. Note: I am connecting through a proxy - this may be relevant. 2. Go to URL above 3. Enter some text 4. Click translate button 5. When page has finished loading, click reload button on button bar. Actual Results: Immediate reload. Expected Results: Should display the dialog box saying: "The page you are trying to view contains POSTDATA..." and asking for confirmation before doing the reload. Workaround: Shift + Reload
i'm not sure who should own this, but i'd like some comments from UID.
Assignee: asa → mpt
Component: Browser-General → User Interface Design
QA Contact: doronr → zach
Actually, the data seems not to be reposted without shift, even if the page has a "no-cache" header. It is treated like navigating in session history. Testcase: http://clarence.de/post-test/form1.html (select "Data included"). The distinction between "reload" and "shift+reload" does not make sense for POSTs. IMO a simple reload should be treated like a shift+reload for POSTs, because we can't validate it without performing a repost and the user has just told us to validate it (that's what "reload" actually means). Confirming with 2001-07-12-14, Win NT. OS -> all. Lowering severity because I don't think this can really cause multiple purchases or similar bad things.
Severity: major → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
changing title to reflect Andreas' comments.
Summary: Reload POSTed page doesn't popup confirmation dialog → Reload POSTed page doesn't rePOST or popup dialog, just re-renders
The reporter is correct: as in other browsers, the alert should be shown on a simple reload (though QA should check that it does *not* appear when merely going back or forward past such a page which has expired from the cache). However, the appearance and content of the alert must be cleaned up first; for the alert to appear in its current state would be considerably worse than the current behavior of it not appearing at all. +-------------------------------------------------+ |:::::::::::::::::::::::::::::::::::::::::::::::::| +-------------------------------------------------+ | , This page cannot be reloaded without | | /!\ resending the information you entered. | | """ Are you sure you want to continue? | | | | ( Cancel ) (( Resend )) | +-------------------------------------------------+ If you wish to deal with that in another bug, please make it block this one. --> Form Submission
Assignee: mpt → rods
Component: User Interface Design → Form Submission
Keywords: 4xp
QA Contact: zach → vladimire
Hardware: PC → All
Over to eric
Assignee: rods → evaughan
When a post data result page is reloaded, we do not repost it to the server ie., we will not duplicate a credit card purchase or whatever. Session History holds a handle to the postdata and passes it to cache. I don't know how cache validates a postdata result, but we definitely do not repost to the server. The 'no-cache' behavior has recently changed. Please check in a recent build. Taking from evaughan.
Status: NEW → ASSIGNED
*** Bug 99708 has been marked as a duplicate of this bug. ***
IIRC, the HTTP spec requires that POST requests not be cached. What I understand from this, is that every reload must resubmit the form to the server. Hence, whether you want to or not, you MUST duplicate credit card purchase, and MUST NOT store the page in cache. Philip
protocol specs to not dictate usability. they say "should not be cached" but it does not say "the reload button in an agent should not rerender the page"
exactly.. the useragent is free to decide when it re-renders a page. we may decide that the reload button should actually contact the server again, but no matter what, that decision is completely in the hands of the useragent.
there's a distinction between CACHE and HISTORY. the USERAGENT may not CACHE POSTs but i think it may HISTORY them. these are all techincal terms however i'm not a spec reader/writer, i'm a bug reader.
it sounds like we've gone down a tangent here... the real bug IMO is what reload means for a POST result. if we look at other browsers (4x for example) reload means: popup a dialog to ask the user if they want to resubmit, and then if yes, resubmit the POST request. the POST request should (obviously) never be re-issued without user confirmation for the reasons radha outlined. radha: what do you think?
Post data results are kept in HISTORY, not in CACHE.We currently throw the dialog asking user's confirmation to repost only if the page has expired from cache. Otherwise, on a simple reload, the postdata stored by history is applied on to the page without resubmitting to the server. Both Nav 4.x and IE6 throw a dialog on a simple reload of a post data result. I think this is do-able from history's perspective. Darin: Would there be an issue with Cache? How do I make the cache to go out and repost the data with out changing the loadType?
When you reload any page other than the results of a form post, the server is hit (although it may respond with "not modified"). It's confusing that Mozilla redisplays the page without reloading it without hitting the server, especially since the result of a form post is likely to be dynamic.
radha: you only need to ensure that the VALIDATE_ALWAYS load flag is set (which should already be set for a reload).
VALIDATE_ALWAYS is done currently. Also, for reloads on post data results, the second argument to SetCacheKey is passed PR_TRUE, indicating to load the page *only* from cache, as in http://lxr.mozilla.org/seamonkey/source/docshell/base/nsDocShell.cpp#4558. I guess this should be false if the user gave permission to repost to the server. Right?
radha: right, the second argument to SetCacheKey should be FALSE if the user has confirmed that re-POSTing is ok.
This is session history.
Assignee: evaughan → radha
Status: ASSIGNED → NEW
Component: Form Submission → History: Session
Priority: -- → P3
Target Milestone: --- → mozilla1.0
Comment on attachment 50603 [details] [diff] [review] Patch to docshell radha: the code which sets cacheFlag should be moved inside the if (cacheChannel && cacheKey) block. otherwise, r=darin
Comment on attachment 50603 [details] [diff] [review] Patch to docshell sr=rpotts@netscape.com
Attachment #50603 - Flags: superreview+
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Fix checked in.
*** Bug 95205 has been marked as a duplicate of this bug. ***
verifying 2001-10-12-05 windows 98 branch
Status: RESOLVED → VERIFIED
I have never encountered this before, I've always been getting the dialog. However, it is reported that Firefox 1.0.0 for windows is re-posting without showing any dialog. Well, firefox 1.0.3 is out, but I think firefox 1.0.0 was released some years after this bug was reported fixed?
Component: History: Session → Document Navigation
QA Contact: vladimire → docshell
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: