So we don't forget: process-swap-on-cross-site-navigation-enabled should default to TRUE in the GTK 4 API, so we are secure by default. Alternatively: we could remove this setting and force it to TRUE. However, it would probably be useful to allow non-browser applications to disable it.
(In reply to Michael Catanzaro from comment #0) > Alternatively: we could remove this setting and force it to TRUE. However, > it would probably be useful to allow non-browser applications to disable it. Problem is PSON might become mandatory in the future. Exposing process model details in our public API has historically not worked well for us: basically all such APIs are now deprecated and broken. It's safer in the long run to just force PSON to be on. If someone has a real good reason to disable it (e.g. small app loading only content from one security origin, want to avoid overhead of prewarming a process that will never be used) then I see the temptation to keep the setting around. But apps can break real badly if PSON is forced and they don't expect it. So I'm not sure this is a good idea. More opinions welcome.
Maybe the benefit of having only one web process is worth the risk of breaking if PSON becomes forced in the future. For a small app like devhelp, you don't really want the overhead of a second prewarmed web process sitting around, when you know it will never be used.
So I tested Epiphany and found it actually creates only a single web process when opened with one web view, with no prewarmed process, so I think we should just force this on always.
Pull request: https://github.com/WebKit/WebKit/pull/5470
Committed 255825@main (94be12a42fa1): <https://commits.webkit.org/255825@main> Reviewed commits have been landed. Closing PR #5470 and removing active labels.