Possible redirect bug
-
-
@browseruser said in Possible redirect bug:
Redirects are normal and common on the web so, while we've all probably experienced shady redirects, I don't as a rule consider them suspicious. Also the bug isn't particular to love.com that's just an example. You can see the same thing happen with cd.com or I imagine any site with a 301 redirect.
I don't consider it normal, if I see the URL of a page and if I click on this URL, but it takes me to a completely different URL.
The only case where it can be considered normal is, if this page notifies me that it redirects me, because it not longer exist and has moved to this new site and it belongs to the same company. In all other cases I have to think of a malware (highjacker) or at least a page of little confidence, like our example. -
It's perfectly normal and nothing "shady" going on. The site gives a redirect is all. No point in seeing evil intent everywhere :face_with_stuck-out_tongue_winking_eye:
@browseruser Have you reported this cosmetic issue as a bug like I asked earlier?
$ curl -LI http://love.com HTTP/1.1 301 Moved Permanently Date: Sat, 29 Feb 2020 11:52:43 GMT P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control: max-age=3600, public Location: https://www.verizonmedia.com/advertising Content-Type: text/html; charset=UTF-8 Age: 0 Connection: keep-alive Server: ATS X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect HTTP/2 200 date: Sat, 29 Feb 2020 11:52:45 GMT content-type: text/html; charset=utf-8 content-length: 29737 vary: Origin content-security-policy: child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com x-content-security-policy: child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com x-webkit-csp: child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com x-eid: r:us-east-2,ph:5d8b678fb5-tjmdt etag: W/"7429-qGnM5GDKxiY57UaT15GQjAl2ZlA" age: 1 strict-transport-security: max-age=31536000 server: ATS expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" referrer-policy: no-referrer-when-downgrade x-content-type-options: nosniff x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN
-
@Catweazle said in Possible redirect bug:
I don't consider it (redirects) normal, if I see the URL of a page and if I click on this URL, but it takes me to a completely different URL. The only case where it can be considered normal is, if this page notifies me that it redirects me, because it not longer exist and has moved to this new site and it belongs to the same company.
Failure to 'notify' of a redirection, especially within the same company's stable of URLs, is not rare at all. Typically, I encounter it at least once or twice a week as I browser different sites and links on the Internet. Usually, the only indication (if one notices any at all) is a different URL popping up in the address bar and perhaps a momentary visual flicker. Where things are most noticeable is if the site hasn't kept current all its various certs or if there's a hiccup in the redirection process. It's one reason I still use Olde Opera as an analytic tool, for which I have a 'magic' toggle button that allows me to turn off auto-redirection, thereby pausing the redirect operation at each redirect point to allow analysis.
Indeed, there are the infrequent malicious redirects that pop up once in a while, but the legitimate ones seem far more numerous - or at least, from what I've seen. In any case, the real need for redirection caution/vigilance comes when personal information or trusted transactions are or will be involved.
-
I reported it:
Bug VB-64057 Address bar url doesn't properly update in repeat of 301 redirect -
Also same thing happens when redirecting from http to https.
Example visit
https://www.google.com/Then in address bar type (e.g. remove the "s" from https):
http://www.google.com/hit enter and page reloads but does not update url to https. Green lock icon will show but protocol is still http
-
@Gwen-Dragon
Video showing the behavior in a blank profile
https://imgur.com/a/zzq4Yuf -
@Gwen-Dragon I misread your post I thought you said can't reproduce it. I don't know if you have the ability to contact the developers but they replied that they can't reproduce so maybe you can confirm it for them.
-
Any timeline on fixing this bug? It's pretty annoying when you're trying to test redirects
-
Try control panel( or search "restore")/ create restore point / system restore ... to a previous restore point (I then had to reinstall chrome)
Good luck
-