Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 24039354222e5203965d41a72ecdcab56f7fe5f3
https://github.com/WebKit/WebKit/commit/24039354222e5203965d41a72ecdcab56f7fe5f3
Author: Anthony Tarbinian <[email protected]>
Date: 2025-11-21 (Fri, 21 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
Log Message:
-----------
[Site Isolation] Prevent didStartProvisionalLoad from being called twice on browsing context switches
https://bugs.webkit.org/show_bug.cgi?id=302678
rdar://164680770
Reviewed by Alex Christensen.
When a cross-origin document is opened with window.open(), there is a scenario where `FrameLoadState::didStartProvisionalLoad` can be called twice with the same URL and trigger the ASSERT in `FrameLoadState::didStartProvisionalLoad` which checks that the provisional URL for that frame is empty.
This scenario can happen when a cross-origin document is opened and a browsing context switch is triggered due to the new document's incompatible Cross Origin Opener Policy (COOP). The first call of `FrameLoadState::didStartProvisionalLoad` is during the initial load of the page. The second call happens when the browsing context switch happens due to the incompatible COOP policy of the new document.
For the second call, the call stack is:
`WebPageProxy::triggerBrowsingContextGroupSwitchForNavigation` ->
`WebPageProxy::continueNavigationInNewProcess` ->
`ProvisionalPageProxy` constructor ->
`didStartProvisionalLoad`.
This ASSERT was also hit by the LayoutTest
"imported/w3c/web-platform-tests/html/cross-origin-opener-policy/javascript-url.https.html"
with Site Isolation (which this patch fixes).
This patch doesn't call `FrameLoadState::didStartProvisionalLoad` when
`m_isProcessSwappingForNewWindow` is true. Earlier in the ProvisionalPageProxy
constructor, `m_mainFrame` is set to `page.mainFrame()` (which is the previous
frame). In this case, the current main frame points to the previous main frame
which has already had `didStartProvisionalLoad` called for it.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::ProvisionalPageProxy):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::(SiteIsolation, BrowsingContextGroupSwitchForIncompatibleCrossOriginOpenerPolicy)):
Canonical link: https://commits.webkit.org/303420@main