Possible redirect bug


  • Ambassador

    @browseruser said in Possible redirect bug:

    Redirects are normal and common on the web so, while we've all probably experienced shady redirects, I don't as a rule consider them suspicious. Also the bug isn't particular to love.com; that's just an example. You can see the same thing happen with cd.com or I imagine any site with a 301 redirect.

    I don't consider it normal, if I see the URL of a page and if I click on this URL, but it takes me to a completely different URL.
    The only case where it can be considered normal is, if this page notifies me that it redirects me, because it no longer exists and has moved to this new site and it belongs to the same company. In all other cases I have to think of a malware (hijacker) or at least a page of little confidence, like our example.



  • It's perfectly normal and nothing "shady" going on. The site gives a redirect is all. No point in seeing evil intent everywhere 😜

    @browseruser Have you reported this cosmetic issue as a bug like I asked earlier?

    $ curl -LI http://love.com
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 29 Feb 2020 11:52:43 GMT
    P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    Cache-Control: max-age=3600, public
    Location: https://www.verizonmedia.com/advertising
    Content-Type: text/html; charset=UTF-8
    Age: 0
    Connection: keep-alive
    Server: ATS
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    Referrer-Policy: strict-origin-when-cross-origin
    Content-Security-Policy: sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect
    
    HTTP/2 200
    date: Sat, 29 Feb 2020 11:52:45 GMT
    content-type: text/html; charset=utf-8
    content-length: 29737
    vary: Origin
    content-security-policy: child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com
    x-content-security-policy: child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com
    x-webkit-csp: child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com
    x-eid: r:us-east-2,ph:5d8b678fb5-tjmdt
    etag: W/"7429-qGnM5GDKxiY57UaT15GQjAl2ZlA"
    age: 1
    strict-transport-security: max-age=31536000
    server: ATS
    expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    referrer-policy: no-referrer-when-downgrade
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    x-frame-options: SAMEORIGIN
    


  • @Catweazle said in Possible redirect bug:

    I don't consider it (redirects) normal, if I see the URL of a page and if I click on this URL, but it takes me to a completely different URL. The only case where it can be considered normal is, if this page notifies me that it redirects me, because it no longer exists and has moved to this new site and it belongs to the same company.

    Failure to 'notify' of a redirection, especially within the same company's stable of URLs, is not rare at all. Typically, I encounter it at least once or twice a week as I browse different sites and links on the Internet. Usually, the only indication (if one notices any at all) is a different URL popping up in the address bar and perhaps a momentary visual flicker. Where things are most noticeable is if the site hasn't kept current all its various certs or if there's a hiccup in the redirection process. It's one reason I still use Olde Opera as an analytic tool, for which I have a 'magic' toggle button that allows me to turn off auto-redirection, thereby pausing the redirect operation at each redirect point to allow analysis.

    Indeed, there are the infrequent malicious redirects that pop up once in a while, but the legitimate ones seem far more numerous - or at least, from what I've seen. In any case, the real need for redirection caution/vigilance comes when personal information or trusted transactions are or will be involved.
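
Added example, not written by any participant in this thread: a hop-by-hop reading of a `curl -LI` header dump like the one posted above, reporting for each redirect whether the host or scheme changes and which URL the address bar should end on. The function names `parse_responses` and `trace` are hypothetical, and `SAMPLE` is trimmed from the output quoted in the thread.

```python
from urllib.parse import urljoin, urlsplit

# Trimmed from the `curl -LI http://love.com` output quoted in the thread.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600, public
Location: https://www.verizonmedia.com/advertising
Server: ATS

HTTP/2 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
"""

def parse_responses(dump):
    """Split a `curl -LI` dump into one (status, headers) pair per response."""
    responses = []
    for raw in dump.splitlines():
        line = raw.strip()                      # tolerate indented pastes
        if line.startswith("HTTP/"):            # status line opens a new response
            responses.append((int(line.split()[1]), {}))
        elif line and responses:
            name, sep, value = line.partition(":")
            if sep:
                responses[-1][1][name.strip().lower()] = value.strip()
    return responses

def trace(start_url, dump):
    """Walk the chain; the last hop's "url" is what the address bar should show."""
    url, hops = start_url, []
    for status, headers in parse_responses(dump):
        hop = {"url": url, "status": status, "redirect_to": None}
        location = headers.get("location")
        if 300 <= status < 400 and location:
            target = urljoin(url, location)     # Location may be relative
            old, new = urlsplit(url), urlsplit(target)
            hop.update(redirect_to=target,
                       permanent=status in (301, 308),
                       host_changed=old.hostname != new.hostname,
                       scheme_changed=old.scheme != new.scheme)
            url = target
        hops.append(hop)
    return hops

if __name__ == "__main__":
    for hop in trace("http://love.com", SAMPLE):
        print(hop)
```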



  • I reported it:
    Bug VB-64057 Address bar url doesn't properly update in repeat of 301 redirect



  • Also same thing happens when redirecting from http to https.

    Example: visit
    https://www.google.com/

    Then in address bar type (e.g. remove the "s" from https):
    http://www.google.com/

    Hit enter and page reloads but does not update url to https. Green lock icon will show but protocol is still http.



  • Moderator

    @browseruser Can reproduce it, I tested it with 2.11 and google address.


  • Moderator

    @browseruser I confirmed the bug VB-64057



  • @Gwen-Dragon

    Video showing the behavior in a blank profile
    https://imgur.com/a/zzq4Yuf



  • @Gwen-Dragon I misread your post; I thought you said can't reproduce it. I don't know if you have the ability to contact the developers but they replied that they can't reproduce so maybe you can confirm it for them.


  • Moderator

    @browseruser I am an internal tester, I updated and confirmed the bug report.



  • Any timeline on fixing this bug? It's pretty annoying when you're trying to test redirects


  • Moderator

    @Gwen-Dragon said in Possible redirect bug:

    VB-64057

    I updated bug entry.

