[webkit-changes] [WebKit/WebKit] 534d98: [Site Isolation] Cross-site redirect in s... Roberto Rodriguez Fri, 03 Apr 2026 21:58:24 -0700 Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 534d9836c83d92de540b54e0517ac2927694c978 https://github.com/WebKit/WebKit/commit/534d9836c83d92de540b54e0517ac2927694c978 Author: Roberto Rodriguez <roberto_rodrigu...@apple.com> Date: 2026-04-03 (Fri, 03 Apr 2026) Changed paths: M LayoutTests/platform/ios-site-isolation/TestExpectations M LayoutTests/platform/mac-site-isolation/TestExpectations M Source/WebCore/loader/DocumentLoader.cpp M Source/WebCore/loader/FrameLoader.cpp Log Message: ----------- [Site Isolation] Cross-site redirect in <object> subframe causes parent page to complete prematurely https://bugs.webkit.org/show_bug.cgi?id=311362 rdar://173954545 Reviewed by Sihui Liu. When an <object type="text/html"> element's load is redirected to a different site with site isolation enabled, the parent page fires its load event before the redirected content loads in the new process. The child frame's error handling path does not distinguish between a real failure and a process-swap cancellation, so the child frame is marked complete and the <object> element renders fallback content instead of waiting for the cross-process load to finish. Forward the LoadWillContinueInAnotherProcess flag from cancelMainResourceLoad to mainReceivedError, and use it in receivedMainResourceError to skip fallback rendering and set m_provisionalLoadHappeningInAnotherProcess so the parent waits for the cross-process load. Tested by enabling: LayoutTests/http/tests/security/contentSecurityPolicy/object-redirect-allowed.html LayoutTests/http/tests/security/contentSecurityPolicy/object-redirect-allowed2.html * LayoutTests/platform/ios-site-isolation/TestExpectations: * LayoutTests/platform/mac-site-isolation/TestExpectations: * Source/WebCore/loader/DocumentLoader.cpp: (WebCore::DocumentLoader::cancelMainResourceLoad): * Source/WebCore/loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedMainResourceError): Canonical link: https://commits.webkit.org/310557@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications Previous message View by thread View by date Next message Reply via email to Search the site The Mail Archive home webkit-changes - all messages webkit-changes - about the list Expand Previous message Next message The Mail Archive home Add your mailing list FAQ Support Privacy WebKit/WebKit/push/refs/heads/main/fd4d29-534d98@github.com

[Roberto Rodriguez]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 534d9836c83d92de540b54e0517ac2927694c978
      
https://github.com/WebKit/WebKit/commit/534d9836c83d92de540b54e0517ac2927694c978
  Author: Roberto Rodriguez <roberto_rodrigu...@apple.com>
  Date:   2026-04-03 (Fri, 03 Apr 2026)

  Changed paths:
    M LayoutTests/platform/ios-site-isolation/TestExpectations
    M LayoutTests/platform/mac-site-isolation/TestExpectations
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/FrameLoader.cpp

  Log Message:
  -----------
  [Site Isolation] Cross-site redirect in <object> subframe causes parent page 
to complete prematurely
https://bugs.webkit.org/show_bug.cgi?id=311362
rdar://173954545

Reviewed by Sihui Liu.

 When an <object type="text/html"> element's load is redirected to a different 
site with site
isolation enabled, the parent page fires its load event before the redirected 
content loads in
the new process. The child frame's error handling path does not distinguish 
between a real
failure and a process-swap cancellation, so the child frame is marked complete 
and the <object>
element renders fallback content instead of waiting for the cross-process load 
to finish.

Forward the LoadWillContinueInAnotherProcess flag from cancelMainResourceLoad to
mainReceivedError, and use it in receivedMainResourceError to skip fallback 
rendering and set
m_provisionalLoadHappeningInAnotherProcess so the parent waits for the 
cross-process load.

Tested by enabling:
LayoutTests/http/tests/security/contentSecurityPolicy/object-redirect-allowed.html
LayoutTests/http/tests/security/contentSecurityPolicy/object-redirect-allowed2.html

* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::cancelMainResourceLoad):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::receivedMainResourceError):

Canonical link: https://commits.webkit.org/310557@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications