Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a26da26bbd793760c4f032c2be7f3fa74af9bcc8
https://github.com/WebKit/WebKit/commit/a26da26bbd793760c4f032c2be7f3fa74af9bcc8
Author: Brandon Stewart <[email protected]>
Date: 2026-06-16 (Tue, 16 Jun 2026)
Changed paths:
M LayoutTests/http/tests/site-isolation/inspector/page/resource-tree-cross-origin-iframe-expected.txt
M LayoutTests/http/tests/site-isolation/inspector/page/resource-tree-cross-origin-iframe.html
M Source/WebKit/Shared/WebPageCreationParameters.h
M Source/WebKit/Shared/WebPageCreationParameters.serialization.in
M Source/WebKit/UIProcess/Inspector/Agents/ProxyingPageAgent.cpp
M Source/WebKit/UIProcess/Inspector/Agents/ProxyingPageAgent.h
M Source/WebKit/UIProcess/Inspector/WebPageInspectorController.cpp
M Source/WebKit/UIProcess/Inspector/WebPageInspectorController.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/WebProcess/Inspector/PageAgentProxy.cpp
M Source/WebKit/WebProcess/Inspector/WebInspectorBackend.cpp
M Source/WebKit/WebProcess/Inspector/WebInspectorBackend.h
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
Log Message:
-----------
[Site Isolation] Report cross-origin frame url/securityOrigin in Page.getResourceTree
https://bugs.webkit.org/show_bug.cgi?id=316665
rdar://179117295
Reviewed by BJ Burg.
Under Site Isolation, Page.getResourceTree returned the cross-origin frame tree's
structure (ids, parent linkage, names) but reported a stale url/securityOrigin for
cross-origin children: the inspectedPage's WebFrameProxy never observes a cross-origin
child's commit (which happens in another WebContent process), so its url() stays
about:blank and its securityOrigin inherits the parent.

The only source of the child's committed url/origin is its own process's
Page.frameNavigated event (re-enabled by the previous change). Two things prevented it
from reaching the UIProcess ProxyingPageAgent for a cross-origin child:

1. Page instrumentation was page-level: a single PageAgentProxy on the page's
   InstrumentingAgents, with the committing frame relying on the frame->page fallback.
   In a freshly-spawned cross-origin process that fallback did not fire for the
   provisional frame's first commit. Mirror the network agent's per-frame model instead:
   register a PageAgentProxy on the committing frame's OWN InstrumentingAgents, where
   InspectorInstrumentation::didCommitLoadImpl resolves enabledPageProxy().

2. The child commits (with CommitTiming::WaitForLoad) and emits frameNavigated in its own
   process BEFORE the UIProcess processed didCommitProvisionalFrame, which is where the
   ProxyingPageAgent message receiver for that process used to be registered. With no
   receiver yet, the event was dropped. Register the receiver in didCreateProvisionalFrame
   (before commit) instead.

ProxyingPageAgent now caches each frame's committed {url, mimeType, securityOrigin} from
frameNavigated and buildFrameTree prefers that cache over the stale WebFrameProxy state.

* Source/WebKit/WebProcess/Inspector/WebInspectorBackend.h:
* Source/WebKit/WebProcess/Inspector/WebInspectorBackend.cpp:
(WebKit::WebInspectorBackend::ensurePageInstrumentationForFrame):
(WebKit::WebInspectorBackend::enablePageInstrumentation):
(WebKit::WebInspectorBackend::disablePageInstrumentation):
(WebKit::WebInspectorBackend::removePageInstrumentationForFrame):
Replace the single page-level m_pageAgentProxy with a per-frame
m_framePageAgentProxies map. ensurePageInstrumentationForFrame registers a PageAgentProxy
on the frame's own InstrumentingAgents (mirroring ensureInstrumentationForFrame for the
network proxy). enablePageInstrumentation sets the gate and instruments existing local
frames; disablePageInstrumentation clears the map (each proxy's destructor clears its
slot).
* Source/WebKit/WebProcess/Inspector/PageAgentProxy.cpp:
(WebKit::PageAgentProxy::~PageAgentProxy):
disable() on destruction to clear the enabledPageProxy slot, matching
~FrameNetworkAgentProxy, so a later commit can't dereference a freed proxy.
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::createSubframe):
(WebKit::WebFrame::createProvisionalFrame):
Call ensurePageInstrumentationForFrame beside ensureInstrumentationForFrame so the
proxy is live on the frame's own InstrumentingAgents before its first commit.
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::detachedFromParent2):
Remove the per-frame page proxy when the frame detaches.
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
Honor WebPageCreationParameters::shouldEnablePageInstrumentation so a newly-spawned
cross-origin process self-enables page instrumentation before its first commit.
* Source/WebKit/Shared/WebPageCreationParameters.h:
* Source/WebKit/Shared/WebPageCreationParameters.serialization.in:
Add shouldEnablePageInstrumentation (mirrors shouldEnableNetworkInstrumentation).
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::creationParameters):
Set shouldEnablePageInstrumentation from isPageInstrumentationEnabled(); shared by the
remote-page creation path, so cross-origin processes receive it.
* Source/WebKit/UIProcess/Inspector/WebPageInspectorController.h:
* Source/WebKit/UIProcess/Inspector/WebPageInspectorController.cpp:
(WebKit::WebPageInspectorController::isPageInstrumentationEnabled):
(WebKit::WebPageInspectorController::didCreateProvisionalFrame):
(WebKit::WebPageInspectorController::willDestroyProvisionalFrame):
(WebKit::WebPageInspectorController::didCommitProvisionalFrame):
Register the ProxyingPageAgent receiver for the provisional frame's process before it
commits, balanced in willDestroyProvisionalFrame (discard path); didCommitProvisionalFrame
no longer re-registers the page agent (it would double-count).
* Source/WebKit/UIProcess/Inspector/Agents/ProxyingPageAgent.h:
* Source/WebKit/UIProcess/Inspector/Agents/ProxyingPageAgent.cpp:
(Inspector::ProxyingPageAgent::frameNavigated):
(Inspector::ProxyingPageAgent::frameDetached):
(Inspector::ProxyingPageAgent::enableInstrumentationForProcess):
(Inspector::ProxyingPageAgent::disable):
(Inspector::ProxyingPageAgent::buildFrameTree):
Cache committed {url, mimeType, securityOrigin} per frame from frameNavigated; prefer it
over the stale WebFrameProxy state in buildFrameTree; clear on frameDetached/disable.
* LayoutTests/http/tests/site-isolation/inspector/page/resource-tree-cross-origin-iframe.html:
* LayoutTests/http/tests/site-isolation/inspector/page/resource-tree-cross-origin-iframe-expected.txt:
Wait for the child frame target's execution context (committed-and-ready) and poll
getResourceTree until the committed url is reported; rebaseline the two now-passing lines.
Canonical link: https://commits.webkit.org/315292@main
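
The lifetime rule the log describes for ~PageAgentProxy and disablePageInstrumentation (a proxy clears its own enabledPageProxy slot when destroyed, so a later commit finds no pointer to follow) can be modelled in a few lines. This is an added example, not WebKit code: AgentsModel, PageProxyModel, didCommitLoad, runScenario, the frame ids and the URLs are all hypothetical stand-ins constructed for illustration.

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>

// Simplified model, not WebKit code: every type and name here is a hypothetical stand-in.
struct PageProxyModel;
// Stand-in for a frame's InstrumentingAgents: holds a non-owning raw pointer slot.
struct AgentsModel { PageProxyModel* enabledPageProxy = nullptr; };

// Stand-in for PageAgentProxy: fills the slot on creation, clears it on destruction.
struct PageProxyModel {
    AgentsModel& agents;
    std::vector<std::string>& sink;
    PageProxyModel(AgentsModel& a, std::vector<std::string>& s) : agents(a), sink(s) { agents.enabledPageProxy = this; }
    ~PageProxyModel() { disable(); }
    PageProxyModel(const PageProxyModel&) = delete;
    void disable() { if (agents.enabledPageProxy == this) agents.enabledPageProxy = nullptr; }
    void frameNavigated(const std::string& url) { sink.push_back(url); }
};

// Stand-in for the commit hook: resolves the slot and forwards only if it is set.
bool didCommitLoad(AgentsModel& agents, const std::string& url) {
    if (auto* proxy = agents.enabledPageProxy) { proxy->frameNavigated(url); return true; }
    return false;
}

// Two frames are instrumented through a per-frame map, then instrumentation is disabled.
struct Result { bool beforeA, beforeB, afterA, afterB; std::size_t events; };
Result runScenario() {
    std::vector<std::string> events;
    AgentsModel frameA, frameB;                              // frames outlive their proxies
    std::map<int, std::unique_ptr<PageProxyModel>> proxies;  // keyed by constructed frame ids
    proxies[1] = std::make_unique<PageProxyModel>(frameA, events);
    proxies[2] = std::make_unique<PageProxyModel>(frameB, events);
    Result r{};
    r.beforeA = didCommitLoad(frameA, "https://a.example/");
    r.beforeB = didCommitLoad(frameB, "https://b.example/frame");
    proxies.clear();                                         // each destructor nulls its own slot
    r.afterA = didCommitLoad(frameA, "https://a.example/next");
    r.afterB = didCommitLoad(frameB, "https://b.example/next");
    r.events = events.size();
    return r;
}

int main() {
    Result r = runScenario();
    return (r.beforeA && r.beforeB && !r.afterA && !r.afterB && r.events == 2) ? 0 : 1;
}
```

Without the disable() call in the destructor, the two commits after clear() would follow dangling pointers; building this model with AddressSanitizer makes that variant fail immediately.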