Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 212c74a1c63a57108f00e04d75e5478ee375a73f
https://github.com/WebKit/WebKit/commit/212c74a1c63a57108f00e04d75e5478ee375a73f
Author: Basuke Suzuki <[email protected]>
Date: 2026-03-03 (Tue, 03 Mar 2026)
Changed paths:
M
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-page.html
M
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-popup.html
M
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-with-bfcache-page.html
M LayoutTests/http/tests/navigation/resources/navigation-utils.js
A
LayoutTests/http/tests/site-isolation/history/back-iframe-no-bf-cache-expected.txt
A LayoutTests/http/tests/site-isolation/history/back-iframe-no-bf-cache.html
M Source/WebCore/loader/FrameLoadRequest.h
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/FrameLoader.h
M Source/WebCore/loader/LocalFrameLoaderClient.cpp
M Source/WebCore/loader/LocalFrameLoaderClient.h
M Source/WebCore/loader/NavigationAction.cpp
M Source/WebCore/loader/NavigationAction.h
M Source/WebCore/loader/PolicyChecker.cpp
M Source/WebKit/Shared/NavigationActionData.h
M Source/WebKit/Shared/PolicyDecision.h
M Source/WebKit/Shared/PolicyDecision.serialization.in
M Source/WebKit/Shared/WebBackForwardListFrameItem.cpp
M Source/WebKit/Shared/WebBackForwardListFrameItem.h
M Source/WebKit/UIProcess/WebBackForwardList.cpp
M Source/WebKit/UIProcess/WebBackForwardList.h
M Source/WebKit/UIProcess/WebFrameProxy.cpp
M Source/WebKit/UIProcess/WebFrameProxy.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebFrame.h
Log Message:
-----------
[Site Isolation] Route same-site child frame back/forward navigations through
UIProcess when UseUIProcessForBackForwardItemLoading is enabled.
https://bugs.webkit.org/show_bug.cgi?id=308562
rdar://170106309
Reviewed by Charlie Wolfe and Sihui Liu.
When UseUIProcessForBackForwardItemLoading is enabled and a parent frame
performs a back/forward
navigation, child frame URL loads were falling through to the legacy
loadURLIntoChildFrame path
instead of being intercepted by the UIProcess.
This patch routes same-site child frame back/forward loads through the existing
decidePolicyForNavigationAction IPC, letting the UIProcess make the decision
about what URL to
load. The WebProcess simply dispatches the navigation; the UIProcess looks up
the correct
FrameState from the BackForwardList, rewrites the request URL, and sends the
FrameState back in
the PolicyDecision so the WebProcess can reconstruct a HistoryItem and load it.
WebProcess side:
- In FrameLoader::loadURLIntoChildFrame, when
UseUIProcessForBackForwardItemLoading is enabled,
call dispatchBackForwardItemLoading on the client instead of the legacy child
item lookup path.
Extract the remaining legacy logic into loadChildHistoryItemIntoFrame and
continueLoadURLIntoChildFrame
for fallback use.
- In WebLocalFrameLoaderClient::dispatchBackForwardItemLoading, build a
FrameLoadRequest with the
parent's BackForwardItemIdentifier and dispatch it through
dispatchDecidePolicyForBackForwardNavigationAction on the child frame's
client.
- In WebFrame::didReceivePolicyDecision, when the response includes a
backForwardFrameState,
reconstruct a HistoryItem and stash it via
FrameLoader::setRequestedHistoryItem.
- In the policy callback, call FrameLoader::loadRequestedHistoryItem with
PolicyAlreadyDecided::Yes
to load the historical content without a redundant UIProcess round-trip.
UIProcess side:
- In WebPageProxy::decidePolicyForNavigationAction, detect back/forward
navigations with a
targetBackForwardItemIdentifier. Look up the child frame's FrameState by
finding the frame's
sibling index (WebFrameProxy::indexInFrameTreeSiblings) and looking up the
corresponding child
in the BackForwardList (WebBackForwardList::frameStateForIndexedChild).
Rewrite the request URL
to the historical URL and attach the FrameState to the PolicyDecision
response.
Other changes:
- Add PolicyAlreadyDecided enum to skip the UIProcess IPC in PolicyChecker when
the decision has
already been made.
- Add WebBackForwardListFrameItem::childItemAtIndex,
WebFrameProxy::indexInFrameTreeSiblings,
and FrameLoader::createFrameLoadRequest helpers.
- Remove NavigationAction::setTargetBackForwardItem(HistoryItem&) and
targetBackForwardItemIdentifier(); the identifier is now carried on
FrameLoadRequest instead.
Test: http/tests/site-isolation/history/back-iframe-no-bf-cache.html
* LayoutTests/http/tests/navigation/resources/back-iframe-popup.html:
* LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-page.html:
* LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-popup.html:
*
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-with-bfcache-page.html:
* LayoutTests/http/tests/navigation/resources/navigation-utils.js:
(crossSiteUrl):
*
LayoutTests/http/tests/site-isolation/history/back-iframe-no-bf-cache-expected.txt:
Added.
* LayoutTests/http/tests/site-isolation/history/back-iframe-no-bf-cache.html:
Added.
* Source/WebCore/loader/FrameLoadRequest.h:
(WebCore::FrameLoadRequestBase::targetBackForwardItemIdentifier const):
(WebCore::FrameLoadRequestBase::setTargetBackForwardItemIdentifier):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::createFrameLoadRequest):
(WebCore::FrameLoader::loadURLIntoChildFrame):
(WebCore::FrameLoader::loadChildHistoryItemIntoFrame):
(WebCore::FrameLoader::continueLoadURLIntoChildFrame):
(WebCore::FrameLoader::loadDifferentDocumentItem):
(WebCore::FrameLoader::setRequestedHistoryItem):
(WebCore::FrameLoader::loadRequestedHistoryItem):
* Source/WebCore/loader/FrameLoader.h:
* Source/WebCore/loader/LocalFrameLoaderClient.cpp:
(WebCore::LocalFrameLoaderClient::dispatchBackForwardItemLoading):
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/loader/NavigationAction.cpp:
(WebCore::NavigationAction::setTargetBackForwardItem): Deleted.
* Source/WebCore/loader/NavigationAction.h:
(WebCore::NavigationAction::policyAlreadyDecided const):
(WebCore::NavigationAction::setPolicyAlreadyDecided):
(WebCore::NavigationAction::targetBackForwardItemIdentifier const): Deleted.
* Source/WebCore/loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):
* Source/WebKit/Shared/NavigationActionData.h:
* Source/WebKit/Shared/PolicyDecision.h:
* Source/WebKit/Shared/PolicyDecision.serialization.in:
* Source/WebKit/Shared/WebBackForwardListFrameItem.cpp:
(WebKit::WebBackForwardListFrameItem::childItemAtIndex):
* Source/WebKit/Shared/WebBackForwardListFrameItem.h:
* Source/WebKit/UIProcess/WebBackForwardList.cpp:
(WebKit::WebBackForwardList::findFrameStateInItem):
* Source/WebKit/UIProcess/WebBackForwardList.h:
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::indexInFrameTreeSiblings const):
* Source/WebKit/UIProcess/WebFrameProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::frameStateForBackForwardChildFrame):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::dispatchBackForwardItemLoading):
(WebKit::WebLocalFrameLoaderClient::dispatchDecidePolicyForBackForwardNavigationAction):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::didReceivePolicyDecision):
(WebKit::WebFrame::setHistoryItemForBackForwardNavigation):
* Source/WebKit/WebProcess/WebPage/WebFrame.h:
Canonical link: https://commits.webkit.org/308613@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
