Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 85a40761dd654a01ef5563c799e8c9ed983eccc5
https://github.com/WebKit/WebKit/commit/85a40761dd654a01ef5563c799e8c9ed983eccc5
Author: Sihui Liu <[email protected]>
Date: 2026-03-09 (Mon, 09 Mar 2026)
Changed paths:
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
M Source/WebKit/UIProcess/WebFrameProxy.cpp
M Source/WebKit/UIProcess/WebFrameProxy.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm
Log Message:
-----------
[Site Isolation] Fix WKNavigation.Frames
https://bugs.webkit.org/show_bug.cgi?id=309476
rdar://172056950
Reviewed by Per Arne Vollan.
The `WKNavigation` deletegate callbacks will be invoked with `WKFrameInfo`,
which contains info of navigating frame. The
WKNavigation.Frame test currently fails under Site Isolation because the
`WKFrameInfo.securityOrigin` does not match the
values when Site Isolation is off. Here are the issues:
- When `didStartProvisionalNavigation` is invoked for provisional subframe, the
origin is the origin of parent or opener
frame without Site Isolation, but it is null with Site Isolation. Without SI,
`Document::initSecurityContext` can get
the origin from parent or opener frame, so it can correctly initialize the
origin; but with SI, the provisional frame is
in a different process. To fix it, this patches adds
`WebFrameProxy::m_documentSecurityOrigin` and have UI process
initiliaze it based on creator frame's origin (similar to what
`initSecurityContext` does). The origin will be sent as
part of `FrameTreeSyncData` to the web process, so that the web process could
have correct origin to include in
`WebPageProxy::DidStartProvisionalLoadForFrame` message.
- With the above fix, there's another issue that when
`didFailProvisionalNavigation` is invoked for provisional frame,
and the frame is used to replace a frame that has committed before, the origin
is the last committed origin without
Site Isolation, but is null under Site Isolation. The cause is with SI, the
provisional frame's web process does not
know about the previously committed URL (as it does need to know the previous
URL to perform loading). To fix it, this
patch makes `WebFrameProxy` take previous frame URL into consideration when
updating `m_documentSecurityOrigin`.
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::ProvisionalPageProxy):
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::WebFrameProxy):
(WebKit::WebFrameProxy::didCommitLoad):
(WebKit::WebFrameProxy::didCreateSubframe):
(WebKit::WebFrameProxy::securityOrigin const):
(WebKit::WebFrameProxy::updateDocumentSecurityOrigin):
* Source/WebKit/UIProcess/WebFrameProxy.h:
(WebKit::WebFrameProxy::create):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::initializeWebPage):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:
(TEST(WKNavigation, FramesWithHTTPSNavigation)):
(TEST(WKNavigation, FramesWithLoadingError)):
Canonical link: https://commits.webkit.org/308944@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
