Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5c3dd122be67ec056c6c5c1b823fa4d4492360d3
https://github.com/WebKit/WebKit/commit/5c3dd122be67ec056c6c5c1b823fa4d4492360d3
Author: Anthony Tarbinian <[email protected]>
Date: 2026-03-23 (Mon, 23 Mar 2026)
Changed paths:
M Source/WebKit/UIProcess/API/APIPageConfiguration.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxyInternals.h
M Source/WebKit/UIProcess/WebProcessPool.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
Log Message:
-----------
[Site Isolation] Avoid calling ensureProcessForSite for empty sites during WebPageProxy::initializeWebPage
https://bugs.webkit.org/show_bug.cgi?id=309029
rdar://171576184

Reviewed by Sihui Liu.

When inheriting an origin from an opener, don't call BrowsingContextGroup::ensureProcessForSite from WebPageProxy::initializeWebPage.

In the scenario where an empty site inherits an origin from its opener site, there's no need to call ensureProcessForSite with the empty site. Instead, we can directly grab the FrameProcess of the opener.

Calling BrowsingContextGroup::ensureProcessForSite with an empty site causes issues since BrowsingContextGroup::m_processMap isn't aware of empty sites and their origin inheritance relationships.

Previously, this problem was avoided by passing in an "effectiveSite" to ensureProcessForSite. In the case of inheriting from the opener, we would make the "effectiveSite" the origin of the opener. However, this is complicated when the opener is also an empty site.

For example, when an about:blank with an opaque origin opens another about:blank, inheriting from an "about:blank" with an opaque origin became tricky, as it was defined as a Site with an empty protocol (vs. other about:blanks, which have a protocol of "about:"). This caused BrowsingContextGroup to treat the two about:blanks as different sites, which it tried to inject browsing context into. Since the two about:blanks are in the same process, injecting browsing context into the same process twice caused a collision in the IPC message receiver HashMap, which triggered the assertion causing this issue.

This PR also fixes a case where an empty site is opened from another empty site and the opener belongs to a process which is associated with a non-empty site. Take this example:

1. Navigate window 1 to "https://a.com".
2. Now, navigate window 1 to "about:blank". Here the about:blank's process->site() will be "https://a.com".
3. Have window 1 call window.open() with no arguments. The opened window should inherit the origin of "https://a.com", not "about:blank".
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
* Source/WebKit/UIProcess/API/APIPageConfiguration.h:
(API::PageConfiguration::processInheritedFromOpener const):
(API::PageConfiguration::setProcessInheritedFromOpener):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::Internals::Internals):
(WebKit::processInheritedFromOpener):
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::initializeWebPage):
(WebKit::openerOrigin): Deleted.
* Source/WebKit/UIProcess/WebPageProxyInternals.h:
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createWebPage):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::(SiteIsolation, OpenAboutBlankFromAboutBlank)):
(TestWebKitAPI::(SiteIsolation, OpenNonEmptySiteFromAboutBlank)):
(TestWebKitAPI::(SiteIsolation, OpenEmptySiteFromProcessWithNonEmptySite)):
Canonical link: https://commits.webkit.org/309761@main
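The process-selection rule the commit describes, as an added, hypothetical model that is not WebKit code: the `Site`, `Process`, `Page` and `BrowsingContextGroup` types below are stand-ins for the real classes, and `openPage` models "a page whose own site is empty and that has an opener takes the opener's process directly, otherwise the site map decides". The three scenario functions mirror the three tests listed above, including the case from the numbered example where the opener is an about:blank living in the "https://a.com" process.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <tuple>

// Hypothetical model (not WebKit code). A Site is protocol + host; an
// about:blank or opaque-origin document has an empty Site. Following the
// commit message, an opaque-origin about:blank is modelled with an empty
// protocol and an ordinary about:blank with the protocol "about", so the two
// compare as different map keys even though both are "empty".
struct Site {
    std::string protocol;
    std::string host;
    bool isEmpty() const { return host.empty(); }
    bool operator<(const Site& other) const {
        return std::tie(protocol, host) < std::tie(other.protocol, other.host);
    }
};

// Stands in for FrameProcess: remembers the non-empty site it was created for.
struct Process {
    Site site;
};

struct Page {
    std::shared_ptr<Process> process;
    Site site;
};

// Stands in for BrowsingContextGroup: m_processMap only knows non-empty sites.
class BrowsingContextGroup {
public:
    std::shared_ptr<Process> ensureProcessForSite(const Site& site) {
        auto it = m_processMap.find(site);
        if (it != m_processMap.end())
            return it->second;
        auto process = std::make_shared<Process>(Process{site});
        m_processMap.emplace(site, process);
        return process;
    }
    size_t siteMapEntries() const { return m_processMap.size(); }
private:
    std::map<Site, std::shared_ptr<Process>> m_processMap;
};

// The rule from the commit: an empty site inheriting from an opener takes the
// opener's process directly and never consults the site map with an empty key.
Page openPage(BrowsingContextGroup& group, const Site& site, const Page* opener) {
    if (site.isEmpty() && opener)
        return Page{opener->process, site};
    return Page{group.ensureProcessForSite(site), site};
}

struct Outcome {
    std::string processSiteHost;  // host of the site the opened page's process belongs to
    bool sharesOpenerProcess;
    size_t siteMapEntries;
};

// Steps 1-3 of the commit's example: a.com, then about:blank in the same
// process, then window.open() with no arguments.
Outcome openEmptySiteFromProcessWithNonEmptySite() {
    BrowsingContextGroup group;
    Page window1 = openPage(group, Site{"https", "a.com"}, nullptr);
    window1.site = Site{};  // navigated to about:blank; process->site() stays a.com
    Page opened = openPage(group, Site{}, &window1);
    return {opened.process->site.host, opened.process == window1.process, group.siteMapEntries()};
}

// Opaque-origin about:blank opens an ordinary about:blank: both stay in the
// opener's process and no empty-site key is ever added to the map.
Outcome openAboutBlankFromAboutBlank() {
    BrowsingContextGroup group;
    Page root = openPage(group, Site{"https", "a.com"}, nullptr);
    Page opaqueBlank = openPage(group, Site{"", ""}, &root);
    Page plainBlank = openPage(group, Site{"about", ""}, &opaqueBlank);
    return {plainBlank.process->site.host, plainBlank.process == opaqueBlank.process, group.siteMapEntries()};
}

// A non-empty site opened from about:blank still goes through the site map.
Outcome openNonEmptySiteFromAboutBlank() {
    BrowsingContextGroup group;
    Page blank = openPage(group, Site{"https", "a.com"}, nullptr);
    blank.site = Site{};
    Page opened = openPage(group, Site{"https", "b.com"}, &blank);
    return {opened.process->site.host, opened.process == blank.process, group.siteMapEntries()};
}

int main() {
    for (const Outcome& o : {openEmptySiteFromProcessWithNonEmptySite(),
                             openAboutBlankFromAboutBlank(),
                             openNonEmptySiteFromAboutBlank()})
        std::printf("process site host=%s shares opener process=%d map entries=%zu\n",
                    o.processSiteHost.c_str(), o.sharesOpenerProcess, o.siteMapEntries);
    return 0;
}
```

In the model the map never sees an empty key, which is exactly what prevents the "same process registered under two different empty sites" situation the commit message attributes to the assertion; a real implementation would additionally need the opener's process to exist and be in the same browsing context group, which the model assumes.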