[Django] #33856: Django 4 Giant Enormous Bug Report
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: nobody
DADIDADISUPERDADI |
Type: Bug | Status: new
Component: HTTP | Version: 4.0
handling |
Severity: Release | Keywords: Safari, Backbutton,
blocker | Django4
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
ug description: Page A is accessed directly, Click something on page A
goes to page B, Press back button back to Page A, And simple html elements
on Page A will stop working with Safari.
See the bug live at: https://howtoback.com/
Django 3 no such bug
The bug has been proven, Given how big the iPhone market is, Thus the
gravity of this bug, I feel obligated to inform the community
How IOS 15 Backbutton works in a nutshell, onclick="history.back();" Very
sloppy for a trillion dollar company's browser, FYI this bug only happens
in https not http, Let me know if the Django dev team knows what's in
Django 4+ causing this bug.
--
Ticket URL: <https://code.djangoproject.com/ticket/33856>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution:
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Old description:
> ug description: Page A is accessed directly, Click something on page A
> goes to page B, Press back button back to Page A, And simple html
> elements on Page A will stop working with Safari.
>
> See the bug live at: https://howtoback.com/
>
> Django 3 no such bug
>
> The bug has been proven, Given how big the iPhone market is, Thus the
> gravity of this bug, I feel obligated to inform the community
>
> How IOS 15 Backbutton works in a nutshell, onclick="history.back();" Very
> sloppy for a trillion dollar company's browser, FYI this bug only happens
> in https not http, Let me know if the Django dev team knows what's in
> Django 4+ causing this bug.
New description:
Bug description: Page A is accessed directly, Click something on page A
goes to page B, Press back button back to Page A, And simple html elements
on Page A will stop working with Safari.
See the bug live at: https://howtoback.com/
Django 3 no such bug
The bug has been proven, Given how big the iPhone market is, Thus the
gravity of this bug, I feel obligated to report this bug
How IOS 15 Backbutton works in a nutshell, onclick="history.back();" Very
sloppy for a trillion dollar company's browser, FYI this bug only happens
in https not http, Let me know if the Django dev team knows what's in
Django 4+ causing this bug.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:1>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Component: HTTP handling | Version: 4.0
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => invalid
Comment:
This has nothing to do with Django
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:2>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by DADIDADISUPERDADI):
Replying to [comment:2 Carlton Gibson]:
> This has nothing to do with Django
Then can you explain why pip uninstall Django 4 and pip install Djano 3
would fix the Bug? You are making judgement too quickly and i don't blame
you, Even i was shocked that Django could cause this to happen.
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:3>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Carlton Gibson):
That website looks more like a phishing attempt than a bug report. Its
content concerns Safari and iOS, not Django. There's nothing showing
anything about installing Django or not.
If you can upload a sample project just involving Django, that doesn't
involve interacting with an untrusted website, then we can have a look.
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:4>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by DADIDADISUPERDADI):
Replying to [comment:4 Carlton Gibson]:
> That website looks more like a phishing attempt than a bug report. Its
content concerns Safari and iOS, not Django. There's nothing showing
anything about installing Django or not.
>
> If you can upload a sample project just involving Django, that doesn't
involve interacting with an untrusted website, then we can have a look.
>
https://docs.djangoproject.com/en/4.0/releases/4.0/#requests-and-responses
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:5>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by DADIDADISUPERDADI):
Replying to [comment:5 DADIDADISUPERDADI]:
> Replying to [comment:4 Carlton Gibson]:
> > That website looks more like a phishing attempt than a bug report. Its
content concerns Safari and iOS, not Django. There's nothing showing
anything about installing Django or not.
> >
> > If you can upload a sample project just involving Django, that doesn't
involve interacting with an untrusted website, then we can have a look.
> >
> https://docs.djangoproject.com/en/4.0/releases/4.0/#requests-and-
responses
I mean this fixed it, However from now on It bugs with Safari by default
for those who don't read the release notes.
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:6>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by DADIDADISUPERDADI):
Replying to [comment:6 DADIDADISUPERDADI]:
> Replying to [comment:5 DADIDADISUPERDADI]:
> > Replying to [comment:4 Carlton Gibson]:
> > > That website looks more like a phishing attempt than a bug report.
Its content concerns Safari and iOS, not Django. There's nothing showing
anything about installing Django or not.
> > >
> > > If you can upload a sample project just involving Django, that
doesn't involve interacting with an untrusted website, then we can have a
look.
> > >
> > https://docs.djangoproject.com/en/4.0/releases/4.0/#requests-and-
responses
>
> I mean this fixed it, However from now on It bugs with Safari by default
for those who don't read the release notes.
And no, no untrusted websites involved, Just the same website that Django
is rendering and it is certified and trusted by Let's encrypt or
Cloudflare certificates
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:7>
Django
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by DADIDADISUPERDADI):
While I appreciate Django is making progress to make the website more
secure, It's best to set that thing back to None by default unless Apple
updates it's IE alike browser, When that Safari Back button is clicked, If
you notice carefully, It might still display https but the lock is gone,
In Django 3, The default SECURE_CROSS_ORIGIN_OPENER_POLICY is None, And
since Apple decides to save budget on it's browser, As a result, The back
button gets one line of coding that is virtually equivalent to
history.back(), And in Django 4 the default
SECURE_CROSS_ORIGIN_OPENER_POLICY is set to same-origin, And thus, The
Bug, All thanks to Safari being a cost-efficient browser.
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:5>