-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Back-forward cache meta-bug #5880
Comments
#6556 mentions that #6207 (comment) suggests |
A currently implemented, yes but we are trying to change that with https://github.com/fergald/explainer-bfcache-ccns |
Thanks @zcorpan, I've added a list of issues related to BFCache eligibility/eviction in the original post. It would be great if we can get the open issues, discussions and PRs around those resolved, e.g. #8972 for BroadcastChannel.
In Chrome's implementation, I don't think document.open() affects BFCache eligibility (intentionally, at least). I think there's been a bunch of changes around history too after that issue, maybe @domenic can comment more here (I'll try to repro soon too if needed) |
Is WebKit interested in changing |
We are. As a matter of fact we already tried. However, we had to revert our change because of complaints from banks (You log out of your bank account, then press back and still see your bank account). What's the plan to deal with this? (The clear-site-data HTTP header?). |
Making Gecko removed "cache" in https://bugzilla.mozilla.org/show_bug.cgi?id=1671182 but I'll file a new bug to implement it. Edit: https://bugzilla.mozilla.org/show_bug.cgi?id=1838506 |
(I noticed now that privacycg/storage-partitioning#11 is still open re |
Re: CSD and We (Chrome) think that CSD should remove BFCache pages and recently impllemented it but I don't think it's enough to just allow all CCNS pages into BFCache. We have been working on a cautious first step to allow caching pages with CCNS. The explainer is here. It includes CSD additional mitigations. An earlier version of this was proposed here. We would appreciate feedback. I'll post some info on why just enabling CSD and then caching is problematic. Logging out of a site doesn't necessarily involve a network request to that site. Apps that log in/out using e.g firebase or other federated logins can log in/out without any network request going to the app's site. Logging out with federated login is just a matter of discarding your access token. Our biggest concern is that we are trying to change a very old behaviour. CCNS used to be documented (on MDN, I think) as the way to stop BFCache and it's still given as an answer on stack exchange etc. If we just provide a way to fix it (e.g. CSD) and then go ahead and start BFCaching, every problematic site is a problem until they notice and fix it. We know that we can be more cautious without much cost. Our previous experiment observing cookies told us that we can turn about 50% of cache misses into hits if we evict whenever any cookie for that site changes and 95% if we only consider HTTP-only cookies. Our current plan is much more cautious than that because it also uses fetch/XHR as a signal. We don't yet know what fraction of CCNS pages it will unblock. |
Since there's a lot of separate discussions related to back-forward cache, I think it might be useful to have this meta-bug to track them to keep people who are interested in it aware of all the relevant discussions (inspired by @domenic's focus meta-bug :) ).
API additions
General web-exposed behaviors
BFCache eligibility/eviction
Browsing context/browsing context group change
WPT
Related APIs
Also, the Chrome BFCache team made a document that lays out some behavior differences between Chrome, Firefox, and Safari's bfcache: https://docs.google.com/document/d/1JtDCN9A_1UBlDuwkjn1HWxdhQ1H2un9K4kyPLgBqJUc/edit?usp=sharing. The doc is probably incomplete, and some differences mentioned in the doc have no spec issues filed at the moment. Feel free to open issues and I'll add to the list. Let me know if there's anything I'm missing :)
cc people in previous threads @annevk @smaug---- @mystor @cdumez @beidson @hober @altimin @xharaken @fergald @geoffreygaren
The text was updated successfully, but these errors were encountered: