StabilityTracer: MobileSafari at Received an invalid message 'WebLockRegistryProxy_ClientIsGoingAway'#66888
Draft
RupinMittal wants to merge 1 commit into
Conversation
…RegistryProxy_ClientIsGoingAway' https://bugs.webkit.org/show_bug.cgi?id=315738 rdar://178065152 Reviewed by NOBODY (OOPS!). The message check added to requestLock() and clientIsGoingAway(): MESSAGE_CHECK(m_process->hasCommittedClientOrigin(clientOrigin)); may still fail after the fix in rdar://177020691. The issue is that the ClientOrigins that the UI process stores in the map may be different than the ones sent by web process to requestLock(). The ClientOrigins that the web process sends are computed in WebLockManager::clientOriginFromContext(). In cases where the document's topOrigin or securityOrigin is inherited from the parent or owner document, this function will indeed use the inherited origins. But the UI process side doesn't account for inherited security origins. WebFrameProxy::didCommitLoad() computes the topOrigin and securityOrigin straight from the URL. So in the case of an about:blank URL, it will compute an opaque securityOrigin, whereas the web process will find and send over the inherited securityOrigin. The new test WebLocks.CrossSiteIframeUsingLocksInsideAboutBlankPopup demonstrates such a scenario. In this case, there is a main frame hosted on server1. It creates an about:blank popup and embeds in it an iframe that is hosted on server2. The UI process will store the following (topOrigin, securityOrigin): main frame: { server1, server1 } popup: { opaque1, opaque2 } iframe: { opaque3, server2 } The web process accounts for inherited origins and will have: main frame: { server1, server1 } popup: { server1, server1 } iframe: { server1, server2 } So when the iframe sends the requestLock() or clientIsGoingAway() IPCs, its ClientOrigin isn't found in the map, and the message check kills the web process. We need to replicate the inheritance logic of the web process in the UI process. This already exists in WebFrameProxy::updateDocumentSecurityOrigin(). So we fix the issue by ensuring that we pass the creator (parent or opener if there's no parent) to this function so that it correctly computes and sets the documentSecurityOrigin and then using these computed securityOrigins. * Source/WebKit/UIProcess/WebFrameProxy.cpp: (WebKit::WebFrameProxy::didCommitLoad): * Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WebLocks.mm: (TestWebKitAPI::TEST(WebLocks, CrossSiteIframeUsingLocksInsideAboutBlankPopup)):
Collaborator
|
EWS run on current version of this PR (hash 35d9135) Details
|
🧪 wpe-wk2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
35d9135
35d9135