Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 66c11208b93940ff73844d9954eabdd78d87cc57
https://github.com/WebKit/WebKit/commit/66c11208b93940ff73844d9954eabdd78d87cc57
Author: Ryosuke Niwa <[email protected]>
Date: 2026-05-03 (Sun, 03 May 2026)
Changed paths:
M LayoutTests/platform/ios-site-isolation/TestExpectations
M LayoutTests/platform/mac-site-isolation/TestExpectations
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
Log Message:
-----------
[Site Isolation] navigate-cross-origin-iframe-to-same-url-with-fragment.html
fails
https://bugs.webkit.org/show_bug.cgi?id=313884
Reviewed by Basuke Suzuki.
This PR fixes two independent bugs that was affecting this test.
1. Wrong origin used for "same-as-current" check (WebCore)
When UI process forwards a navigation to another web process,
WebPage::loadRequest builds
the FrameLoadRequest from the iframe's own LocalFrame (so
requesterSecurityOrigin becomes
the iframe's own origin) and passes the real initiator separately as
crossSiteRequester.
FrameLoader::load(FrameLoadRequest&&, NavigationRequester&&) was passing
the iframe's own
origin into shouldTreatURLAsSameAsCurrent. With same origin + same URL it
returned true
-> FrameLoadType::Same -> shouldPerformFragmentNavigation exited early
(because loadType
!= Same was false) so no new back-forward entry was added.
2. Stale history.length cache in parent web process (WebKit)
Each web process caches back-forward list counts locally in
WebBackForwardListProxy,
invalidated only when that process calls addItem. Under site isolation,
when the iframe's
(separate) process added a BF entry, the parent's cache stayed stale, so
history.length
in the parent kept returning the old value.
Test:
imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/navigate-cross-origin-iframe-to-same-url-with-fragment.html
imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/navigate-cross-origin-iframe-to-same-url.html
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::load):
(WebCore::FrameLoader::loadWithDocumentLoader):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didChangeBackForwardList):
* Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.h:
(WebKit::WebBackForwardListProxy::invalidateCachedListCounts):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::invalidateBackForwardListCache):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
Canonical link: https://commits.webkit.org/312489@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
