313498 2026-04-27 16:16:56 -0700 [Site Isolation] Document::isSecureContext ignores RemoteFrame ancestors 2026-04-28 07:41:32 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 a.tarbinian webkit-unassigned webkit-bug-importer oldest_to_newest 2205164 0 a.tarbinian 2026-04-27 16:16:56 -0700 In Document::isSecureContext, WebKit walks the frame tree to check if all of a frame's ancestors are "secure". It does this to gate access to powerful web APIs such as navigator.geolocation. For each ancestor, we call Document::isDocumentSecure which performs checks to see if the frame is potentially trustworthy. Below is the implementation. It does the following: 1. If the document is sandboxed, it checks if the document's URL is trustworthy 2. Otherwise, check if the document's security origin is trustworthy. ``` static inline bool isDocumentSecure(const Document& document) { if (document.isSandboxed(SandboxFlag::Origin)) return isURLPotentiallyTrustworthy(document.url()); return document.securityOrigin().isPotentiallyTrustworthy(); } ``` With site isolation enabled, it is possible for some of the document's ancestors to be RemoteFrames in different processes. Currently, the code in Document::isSecureContext, only handles LocalFrames and silently skips any RemoteFrame ancestors. This bug causes imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html to fail with site isolation enabled. 2205165 1 webkit-bug-importer 2026-04-27 16:19:14 -0700 <rdar://problem/175714384> 2205347 2 ews-feeder 2026-04-28 07:41:30 -0700 Committed 312199@main (e211768ca32e): <https://commits.webkit.org/312199@main> Reviewed commits have been landed. Closing PR #63753 and removing active labels.