There is some problem with caching of 302 in Firefox 66 and 67:
Some sequence of 302 cause that Firefox use previously cached location from 302 instead of URL which is already available - therefore it should not be redirected. It happens even if "Cache-Control: no-cache, no-store, max-age=0, must-revalidate" is used in header for all 302.
Use case:
- User cleans Firefox cache.
- User enters URL for resource (PNG image) occuring on each page.
- System (using CAS Apereo + Spring security) sends response with Status Code 302 and Location of CAS login page.
- User enters other URL, e.g. home page. It causes that user is not redirected to resource required in 2nd step. No-caching works all right in Firefox when this step is skipped.
- System sends response with Status Code 302 and Location of CAS login page (like in 3rd step).
- User logs in.
- System sends response with Status Code 302 and Location of CAS ticket. Then redirects to URL required in 4th step using Status Code 302 again.
- System does not behave normally. Firefox uses cached files (including those from URLs required in 2nd and 4th steps) although it should not be cached. E.g. It causes redirection to home page (URL from 4th step) instead of displaying required page (accessed from menu).
Other browsers and older Firefox behaves normally and redirection does not happen. Firefox 66 and 67 behaves normally when its cache is cleared.
Firefox console screenshots:
3rd step network log:
5th network log:
6th network log:
7th network log:
