Bug 309172
| Summary: | [Site Isolation] prepareForProvisionalLoadInProcess should guard against cancellation during network process's handling | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Qianlang Chen <qianlangchen> |
| Component: | Frames | Assignee: | Qianlang Chen <qianlangchen> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Qianlang Chen
Under site isolation, while the network process is handling the addAllowedFirstPartyForCookies message, the provisional loading could be cancelled already. When that handling finishes, we need to guard against that so its WebPageProxy doesn't later trigger WebPage::LoadRequest on a cancelled provisional frame
Basically, when the completionHandler in [1] gets called, provisional loading could've already been cancelled, and LoadRequest should no longer be sent to that frame because it'd fail the assertion at [2] as the frame would've been unregistered already
- [1]: https://github.com/WebKit/WebKit/blob/c1df92d228fc00d75c93f5a6adcd3e8bddb005b7/Source/WebKit/UIProcess/WebPageProxy.cpp#L5647
- [2]: https://github.com/WebKit/WebKit/blob/c1df92d228fc00d75c93f5a6adcd3e8bddb005b7/Source/WebKit/WebProcess/WebPage/WebPage.cpp#L2223
I'll add more details and/or relevant repro steps below
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Qianlang Chen
Pull request: https://github.com/WebKit/WebKit/pull/59908
EWS
Committed 308729@main (077e5cdf8cb0): <https://commits.webkit.org/308729@main>
Reviewed commits have been landed. Closing PR #59908 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/171826034>