Bug 314131

Summary:	[Site Isolation] Only reuse target back/forward item's process when navigating the main frame
Product:	WebKit	Reporter:	Basuke Suzuki <basuke>
Component:	New Bugs	Assignee:	Basuke Suzuki <basuke>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Basuke Suzuki

Reported 2026-05-05 15:34:39 PDT

In WebProcessPool::processForNavigationInternal, when handling a back/forward navigation, the code looks up targetItem->lastProcessIdentifier() and reuses that process for any frame — including subframes. Under Site Isolation with multi-process BFCache enabled, subframe back/forward navigations can reach this code path. The target back/forward item's lastProcessIdentifier is always the main frame's process, so using it for a subframe navigation picks the wrong process. Guard the lastProcessIdentifier lookup with frame.isMainFrame() so only main-frame navigations take this path. Subframe back/forward navigations fall through to the normal process-selection logic, which selects the appropriate site-matched process for the subframe. Prep patch for rdar://173743733 (multi-process BFCache restoration under Site Isolation).

Attachments
Add attachment proposed patch, testcase, etc.

Basuke Suzuki

Comment 1 2026-05-05 16:45:54 PDT

<rdar://problem/176305015>

Basuke Suzuki

Comment 2 2026-05-05 16:46:10 PDT

Pull request: https://github.com/WebKit/WebKit/pull/64311

EWS

Comment 3 2026-05-06 14:17:25 PDT

Committed 312735@main (4fd10b14732e): <https://commits.webkit.org/312735@main> Reviewed commits have been landed. Closing PR #64311 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.