Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#33856 closed Bug (invalid)

Django 4 Giant Enormous Bug Report

Reported by: DADIDADISUPERDADI
Owned by: nobody
Component: HTTP handling
Version: 4.0
Severity: Release blocker
Keywords: Safari, Backbutton, Django4
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description (last modified by DADIDADISUPERDADI)

Bug description: Page A is accessed directly, click something on Page A that goes to Page B, press the back button to go back to Page A, and simple HTML elements on Page A will stop working with Safari.

See the bug live at: https://howtoback.com/

Django 3 has no such bug.

The bug has been proven. Given how big the iPhone market is, and thus the gravity of this bug, I feel obligated to report this bug.

How the iOS 15 back button works in a nutshell: onclick="history.back();". Very sloppy for a trillion dollar company's browser. FYI, this bug only happens in https, not http. Let me know if the Django dev team knows what's in Django 4+ causing this bug.

Change History (5)

comment:1 by DADIDADISUPERDADI, 2 years ago

Description: modified (diff)

comment:2 by Carlton Gibson, 2 years ago

Resolution: invalid
Status: new → closed

This has nothing to do with Django

in reply to:  2 comment:3 by DADIDADISUPERDADI, 2 years ago

Replying to Carlton Gibson:

This has nothing to do with Django

Then can you explain why pip uninstall Django 4 and pip install Django 3 would fix the bug? You are making a judgement too quickly and I don't blame you; even I was shocked that Django could cause this to happen.

comment:4 by Carlton Gibson, 2 years ago

That website looks more like a phishing attempt than a bug report. Its content concerns Safari and iOS, not Django. There's nothing showing anything about installing Django or not.

If you can upload a sample project just involving Django, that doesn't involve interacting with an untrusted website, then we can have a look.

in reply to:  5 ; comment:5 by DADIDADISUPERDADI, 2 years ago

While I appreciate Django is making progress to make the website more secure, it's best to set that thing back to None by default unless Apple updates its IE-alike browser. When that Safari back button is clicked, if you notice carefully, it might still display https but the lock is gone. In Django 3, the default SECURE_CROSS_ORIGIN_OPENER_POLICY is None, and since Apple decides to save budget on its browser, as a result, the back button gets one line of coding that is virtually equivalent to history.back(). And in Django 4 the default SECURE_CROSS_ORIGIN_OPENER_POLICY is set to same-origin, and thus, the bug, all thanks to Safari being a cost-efficient browser.
