#33856: Django 4 Giant Enormous Bug Report
-------------------------------------+-------------------------------------
Reporter: DADIDADISUPERDADI | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.0
Severity: Release blocker | Resolution: invalid
Keywords: Safari, Backbutton, | Triage Stage:
Django4 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by DADIDADISUPERDADI):
While I appreciate Django is making progress to make the website more
secure, It's best to set that thing back to None by default unless Apple
updates it's IE alike browser, When that Safari Back button is clicked, If
you notice carefully, It might still display https but the lock is gone,
In Django 3, The default SECURE_CROSS_ORIGIN_OPENER_POLICY is None, And
since Apple decides to save budget on it's browser, As a result, The back
button gets one line of coding that is virtually equivalent to
history.back(), And in Django 4 the default
SECURE_CROSS_ORIGIN_OPENER_POLICY is set to same-origin, And thus, The
Bug, All thanks to Safari being a cost-efficient browser.
--
Ticket URL: <https://code.djangoproject.com/ticket/33856#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018212484b09-592c30b9-b675-4d21-8398-bb37566c933d-000000%40eu-central-1.amazonses.com.
