Changeset 247851 in webkit

Timestamp:

Jul 25, 2019 6:26:24 PM (5 years ago)

Author:

jiewen_tan@apple.com

Message:

WebPageProxy::receivedPolicyDecision should check navigation ID before clear pendingAPIRequest
​https://bugs.webkit.org/show_bug.cgi?id=200108
<rdar://problem/53521238>

Reviewed by Chris Dumez.

Source/WebKit:

Assuming there are two loads happening one after another. There is an issue when clients save
the first decisionHandler and then call WKNavigationActionPolicyCancel for it right after the
second decisionHandler received, -[WKWebView URL] could return a null string even though it is
loading the second one.

To solve that, this patch pairs a navigationID with the pendingAPIRequestURL such that
WebPageProxy::receivedPolicyDecision could clear the pendingAPIRequestURL only if
the passed navigation ID matches the current one.

• UIProcess/PageLoadState.cpp:

(WebKit::PageLoadState::reset):
(WebKit::PageLoadState::activeURL):
(WebKit::PageLoadState::estimatedProgress):
(WebKit::PageLoadState::pendingAPIRequestURL const):
(WebKit::PageLoadState::pendingAPIRequest const):
(WebKit::PageLoadState::setPendingAPIRequest):
(WebKit::PageLoadState::clearPendingAPIRequest):
(WebKit::PageLoadState::isLoading):
(WebKit::PageLoadState::setPendingAPIRequestURL): Deleted.
(WebKit::PageLoadState::clearPendingAPIRequestURL): Deleted.

• UIProcess/PageLoadState.h:

(WebKit::PageLoadState::setPendingAPIRequest):
(WebKit::PageLoadState::setPendingAPIRequestURL): Deleted.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::launchProcessForReload):
(WebKit::WebPageProxy::loadRequestWithNavigationShared):
(WebKit::WebPageProxy::loadFile):
(WebKit::WebPageProxy::loadDataWithNavigationShared):
(WebKit::WebPageProxy::loadAlternateHTML):
(WebKit::WebPageProxy::loadWebArchiveData):
(WebKit::WebPageProxy::reload):
(WebKit::WebPageProxy::goToBackForwardItem):
(WebKit::WebPageProxy::receivedPolicyDecision):
(WebKit::WebPageProxy::continueNavigationInNewProcess):
(WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared):
(WebKit::WebPageProxy::didSameDocumentNavigationForFrame):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):

Tools:

Added an API test.

• TestWebKitAPI/Tests/WebKitCocoa/DecidePolicyForNavigationAction.mm:

(-[DecidePolicyForNavigationActionController webView:decidePolicyForNavigationAction:decisionHandler:]):
(TEST):

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/PageLoadState.cpp (modified) (6 diffs)
• Source/WebKit/UIProcess/PageLoadState.h (modified) (3 diffs)
• Source/WebKit/UIProcess/WebPageProxy.cpp (modified) (16 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/DecidePolicyForNavigationAction.mm (modified) (4 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-07-25  Jiewen Tan  <jiewen_tan@apple.com>
+
+        WebPageProxy::receivedPolicyDecision should check navigation ID before clear pendingAPIRequest
+        https://bugs.webkit.org/show_bug.cgi?id=200108
+        <rdar://problem/53521238>
+
+        Reviewed by Chris Dumez.
+
+        Assuming there are two loads happening one after another. There is an issue when clients save
+        the first decisionHandler and then call WKNavigationActionPolicyCancel for it right after the
+        second decisionHandler received, -[WKWebView URL] could return a null string even though it is
+        loading the second one.
+
+        To solve that, this patch pairs a navigationID with the pendingAPIRequestURL such that
+        WebPageProxy::receivedPolicyDecision could clear the pendingAPIRequestURL only if
+        the passed navigation ID matches the current one.
+
+        * UIProcess/PageLoadState.cpp:
+        (WebKit::PageLoadState::reset):
+        (WebKit::PageLoadState::activeURL):
+        (WebKit::PageLoadState::estimatedProgress):
+        (WebKit::PageLoadState::pendingAPIRequestURL const):
+        (WebKit::PageLoadState::pendingAPIRequest const):
+        (WebKit::PageLoadState::setPendingAPIRequest):
+        (WebKit::PageLoadState::clearPendingAPIRequest):
+        (WebKit::PageLoadState::isLoading):
+        (WebKit::PageLoadState::setPendingAPIRequestURL): Deleted.
+        (WebKit::PageLoadState::clearPendingAPIRequestURL): Deleted.
+        * UIProcess/PageLoadState.h:
+        (WebKit::PageLoadState::setPendingAPIRequest):
+        (WebKit::PageLoadState::setPendingAPIRequestURL): Deleted.
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::launchProcessForReload):
+        (WebKit::WebPageProxy::loadRequestWithNavigationShared):
+        (WebKit::WebPageProxy::loadFile):
+        (WebKit::WebPageProxy::loadDataWithNavigationShared):
+        (WebKit::WebPageProxy::loadAlternateHTML):
+        (WebKit::WebPageProxy::loadWebArchiveData):
+        (WebKit::WebPageProxy::reload):
+        (WebKit::WebPageProxy::goToBackForwardItem):
+        (WebKit::WebPageProxy::receivedPolicyDecision):
+        (WebKit::WebPageProxy::continueNavigationInNewProcess):
+        (WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared):
+        (WebKit::WebPageProxy::didSameDocumentNavigationForFrame):
+        (WebKit::WebPageProxy::decidePolicyForNavigationAction):
+
 2019-07-25  Commit Queue  <commit-queue@webkit.org>
 

trunk/Source/WebKit/UIProcess/PageLoadState.cpp

@@ -155 +155 @@
     m_uncommittedState.hasInsecureContent = false;
 
-    m_uncommittedState.pendingAPIRequestURL = String();
+    m_uncommittedState.pendingAPIRequest = { };
     m_uncommittedState.provisionalURL = String();
     m_uncommittedState.url = String();
@@ -183 +183 @@
     // even when there's no main frame yet, as it might be the
     // first API request.
-    if (!data.pendingAPIRequestURL.isNull())
-        return data.pendingAPIRequestURL;
+    if (!data.pendingAPIRequest.url.isNull())
+        return data.pendingAPIRequest.url;
 
     if (!data.unreachableURL.isEmpty())
@@ -224 +224 @@
 double PageLoadState::estimatedProgress(const Data& data)
 {
-    if (!data.pendingAPIRequestURL.isNull())
+    if (!data.pendingAPIRequest.url.isNull())
         return initialProgressValue;
 
@@ -237 +237 @@
 const String& PageLoadState::pendingAPIRequestURL() const
 {
-    return m_committedState.pendingAPIRequestURL;
+    return m_committedState.pendingAPIRequest.url;
+}
+
+auto PageLoadState::pendingAPIRequest() const -> const PendingAPIRequest&
+{
+    return m_committedState.pendingAPIRequest;
 }
 
@@ -245 +250 @@
 }
 
-void PageLoadState::setPendingAPIRequestURL(const Transaction::Token& token, const String& pendingAPIRequestURL, const URL& resourceDirectoryURL)
-{
-    ASSERT_UNUSED(token, &token.m_pageLoadState == this);
-    m_uncommittedState.pendingAPIRequestURL = pendingAPIRequestURL;
+void PageLoadState::setPendingAPIRequest(const Transaction::Token& token, PendingAPIRequest&& pendingAPIRequest, const URL& resourceDirectoryURL)
+{
+    ASSERT_UNUSED(token, &token.m_pageLoadState == this);
+    m_uncommittedState.pendingAPIRequest = WTFMove(pendingAPIRequest);
     m_uncommittedState.resourceDirectoryURL = resourceDirectoryURL;
 }
 
-void PageLoadState::clearPendingAPIRequestURL(const Transaction::Token& token)
-{
-    ASSERT_UNUSED(token, &token.m_pageLoadState == this);
-    m_uncommittedState.pendingAPIRequestURL = String();
+void PageLoadState::clearPendingAPIRequest(const Transaction::Token& token)
+{
+    ASSERT_UNUSED(token, &token.m_pageLoadState == this);
+    m_uncommittedState.pendingAPIRequest = { };
 }
 
@@ -411 +416 @@
 bool PageLoadState::isLoading(const Data& data)
 {
-    if (!data.pendingAPIRequestURL.isNull())
+    if (!data.pendingAPIRequest.url.isNull())
         return true;
 

trunk/Source/WebKit/UIProcess/PageLoadState.h

@@ -114 +114 @@
     };
 
+    struct PendingAPIRequest {
+        uint64_t navigationID { 0 };
+        String url;
+    };
+
     void addObserver(Observer&);
     void removeObserver(Observer&);
@@ -145 +150 @@
 
     const String& pendingAPIRequestURL() const;
-    void setPendingAPIRequestURL(const Transaction::Token&, const String& pendingAPIRequestURL, const URL& resourceDirectoryPath = { });
-    void clearPendingAPIRequestURL(const Transaction::Token&);
+    const PendingAPIRequest& pendingAPIRequest() const;
+    void setPendingAPIRequest(const Transaction::Token&, PendingAPIRequest&& pendingAPIRequest, const URL& resourceDirectoryPath = { });
+    void clearPendingAPIRequest(const Transaction::Token&);
 
     void didStartProvisionalLoad(const Transaction::Token&, const String& url, const String& unreachableURL);
@@ -208 +214 @@
         bool hasInsecureContent;
 
-        String pendingAPIRequestURL;
+        PendingAPIRequest pendingAPIRequest;
 
         String provisionalURL;

trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

@@ -889 +889 @@
     auto navigation = m_navigationState->createReloadNavigation();
 
+    String url = currentURL();
+    if (!url.isEmpty()) {
+        auto transaction = m_pageLoadState.transaction();
+        m_pageLoadState.setPendingAPIRequest(transaction, { navigation->navigationID(), url });
+    }
+
     // We allow stale content when reloading a WebProcess that's been killed or crashed.
     m_process->send(Messages::WebPage::GoToBackForwardItem(navigation->navigationID(), m_backForwardList->currentItem()->itemID(), FrameLoadType::IndexedBackForward, ShouldTreatAsContinuingLoad::No, WTF::nullopt), m_pageID);
@@ -1116 +1122 @@
     auto url = request.url();
     if (shouldTreatAsContinuingLoad != ShouldTreatAsContinuingLoad::Yes)
-        m_pageLoadState.setPendingAPIRequestURL(transaction, url);
+        m_pageLoadState.setPendingAPIRequest(transaction, { navigation.navigationID(), url });
 
     LoadParameters loadParameters;
@@ -1169 +1175 @@
     auto transaction = m_pageLoadState.transaction();
 
-    m_pageLoadState.setPendingAPIRequestURL(transaction, fileURLString, resourceDirectoryURL);
+    m_pageLoadState.setPendingAPIRequest(transaction, { navigation->navigationID(), fileURLString }, resourceDirectoryURL);
 
     String resourceDirectoryPath = resourceDirectoryURL.fileSystemPath();
@@ -1213 +1219 @@
     auto transaction = m_pageLoadState.transaction();
 
-    m_pageLoadState.setPendingAPIRequestURL(transaction, !baseURL.isEmpty() ? baseURL : WTF::blankURL().string());
+    m_pageLoadState.setPendingAPIRequest(transaction, { navigation.navigationID(), !baseURL.isEmpty() ? baseURL : WTF::blankURL().string() });
 
     LoadParameters loadParameters;
@@ -1252 +1258 @@
     auto transaction = m_pageLoadState.transaction();
 
-    m_pageLoadState.setPendingAPIRequestURL(transaction, unreachableURL);
+    m_pageLoadState.setPendingAPIRequest(transaction, { 0, unreachableURL });
     m_pageLoadState.setUnreachableURL(transaction, unreachableURL);
 
@@ -1288 +1294 @@
 
     auto transaction = m_pageLoadState.transaction();
-    m_pageLoadState.setPendingAPIRequestURL(transaction, WTF::blankURL().string());
+    m_pageLoadState.setPendingAPIRequest(transaction, { 0, WTF::blankURL().string() });
 
     LoadParameters loadParameters;
@@ -1346 +1352 @@
     String url = currentURL();
     if (!url.isEmpty()) {
-        auto transaction = m_pageLoadState.transaction();
-        m_pageLoadState.setPendingAPIRequestURL(transaction, url);
-
         // We may not have an extension yet if back/forward list was reinstated after a WebProcess crash or a browser relaunch
         maybeInitializeSandboxExtensionHandle(m_process, URL(URL(), url), currentResourceDirectoryURL(), sandboxExtensionHandle);
@@ -1357 +1360 @@
     
     auto navigation = m_navigationState->createReloadNavigation();
+
+    if (!url.isEmpty()) {
+        auto transaction = m_pageLoadState.transaction();
+        m_pageLoadState.setPendingAPIRequest(transaction, { navigation->navigationID(), url });
+    }
 
     // Store decision to reload without content blockers on the navigation so that we can later set the corresponding
@@ -1425 +1433 @@
         return launchProcessWithItem(item);
 
-    auto transaction = m_pageLoadState.transaction();
-
-    m_pageLoadState.setPendingAPIRequestURL(transaction, item.url());
-
     RefPtr<API::Navigation> navigation;
     if (!m_backForwardList->currentItem()->itemIsInSameDocument(item))
         navigation = m_navigationState->createBackForwardNavigation(item, m_backForwardList->currentItem(), frameLoadType);
+
+    auto transaction = m_pageLoadState.transaction();
+    m_pageLoadState.setPendingAPIRequest(transaction, { navigation ? navigation->navigationID() : 0, item.url() });
 
     m_process->send(Messages::WebPage::GoToBackForwardItem(navigation ? navigation->navigationID() : 0, item.itemID(), frameLoadType, ShouldTreatAsContinuingLoad::No, WTF::nullopt), m_pageID);
@@ -2878 +2885 @@
     auto transaction = m_pageLoadState.transaction();
 
-    if (action == PolicyAction::Ignore && willContinueLoadInNewProcess == WillContinueLoadInNewProcess::No)
-        m_pageLoadState.clearPendingAPIRequestURL(transaction);
+    if (action == PolicyAction::Ignore && willContinueLoadInNewProcess == WillContinueLoadInNewProcess::No && navigation && navigation->navigationID() == m_pageLoadState.pendingAPIRequest().navigationID)
+        m_pageLoadState.clearPendingAPIRequest(transaction);
 
     DownloadID downloadID = { };
@@ -2957 +2964 @@
 
         auto transaction = m_pageLoadState.transaction();
-        m_pageLoadState.setPendingAPIRequestURL(transaction, item->url());
+        m_pageLoadState.setPendingAPIRequest(transaction, { navigation.navigationID(), item->url() });
 
         m_provisionalPage->goToBackForwardItem(navigation, *item, WTFMove(websitePolicies));
@@ -3977 +3984 @@
     auto transaction = m_pageLoadState.transaction();
 
-    m_pageLoadState.clearPendingAPIRequestURL(transaction);
+    m_pageLoadState.clearPendingAPIRequest(transaction);
 
     if (frame->isMainFrame()) {
@@ -4442 +4449 @@
     }
 
-    m_pageLoadState.clearPendingAPIRequestURL(transaction);
+    m_pageLoadState.clearPendingAPIRequest(transaction);
     frame->didSameDocumentNavigation(url);
 
@@ -4624 +4631 @@
     auto transaction = m_pageLoadState.transaction();
 
-    bool fromAPI = request.url() == m_pageLoadState.pendingAPIRequestURL();
+    bool fromAPI = navigationID == m_pageLoadState.pendingAPIRequest().navigationID;
     if (!fromAPI)
-        m_pageLoadState.clearPendingAPIRequestURL(transaction);
+        m_pageLoadState.clearPendingAPIRequest(transaction);
 
     if (!checkURLReceivedFromCurrentOrPreviousWebProcess(process, request.url())) {
@@ -4685 +4692 @@
     auto listener = makeRef(frame.setUpPolicyListenerProxy([this, protectedThis = makeRef(*this), frame = makeRef(frame), sender = WTFMove(sender), navigation] (PolicyAction policyAction, API::WebsitePolicies* policies, ProcessSwapRequestedByClient processSwapRequestedByClient, RefPtr<SafeBrowsingWarning>&& safeBrowsingWarning) mutable {
 
-        auto completionHandler = [this, protectedThis = protectedThis.copyRef(), frame = frame.copyRef(), sender = WTFMove(sender), navigation = WTFMove(navigation), processSwapRequestedByClient, policies = makeRefPtr(policies)] (PolicyAction policyAction) mutable {
+        auto completionHandler = [this, protectedThis = protectedThis.copyRef(), frame = frame.copyRef(), sender = WTFMove(sender), navigation, processSwapRequestedByClient, policies = makeRefPtr(policies)] (PolicyAction policyAction) mutable {
             if (frame->isMainFrame()) {
                 if (!policies) {
@@ -4705 +4712 @@
             if (frame->isMainFrame() && safeBrowsingWarning->url().isValid()) {
                 auto transaction = m_pageLoadState.transaction();
-                m_pageLoadState.setPendingAPIRequestURL(transaction, safeBrowsingWarning->url());
+                m_pageLoadState.setPendingAPIRequest(transaction, { navigation->navigationID(), safeBrowsingWarning->url() });
                 m_pageLoadState.commitChanges();
             }

trunk/Tools/ChangeLog

@@ +1 @@
+2019-07-24  Jiewen Tan  <jiewen_tan@apple.com>
+
+        WebPageProxy::receivedPolicyDecision should check navigation ID before clear pendingAPIRequest
+        https://bugs.webkit.org/show_bug.cgi?id=200108
+        <rdar://problem/53521238>
+
+        Reviewed by Chris Dumez.
+
+        Added an API test.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/DecidePolicyForNavigationAction.mm:
+        (-[DecidePolicyForNavigationActionController webView:decidePolicyForNavigationAction:decisionHandler:]):
+        (TEST):
+
 2019-07-25  Jonathan Bedard  <jbedard@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/DecidePolicyForNavigationAction.mm

@@ -33 +33 @@
 #import <WebKit/WKProcessPoolPrivate.h>
 #import <WebKit/_WKProcessPoolConfiguration.h>
+#import <wtf/BlockPtr.h>
 #import <wtf/RetainPtr.h>
 #import <wtf/mac/AppKitCompatibilityDeclarations.h>
 
 static bool shouldCancelNavigation;
+static bool shouldDelayDecision;
 static bool createdWebView;
 static bool decidedPolicy;
@@ -42 +44 @@
 static RetainPtr<WKNavigationAction> action;
 static RetainPtr<WKWebView> newWebView;
+static BlockPtr<void(WKNavigationActionPolicy)> delayedDecision;
 
 static NSString *firstURL = @"data:text/html,First";
@@ -63 +66 @@
     }
 
+    if (shouldDelayDecision) {
+        if (delayedDecision)
+            delayedDecision(WKNavigationActionPolicyCancel);
+        delayedDecision = makeBlockPtr(decisionHandler);
+        decidedPolicy = true;
+        return;
+    }
+
     decisionHandler(webView == newWebView.get() ? WKNavigationActionPolicyCancel : WKNavigationActionPolicyAllow);
 
@@ -592 +603 @@
     newWebView = nullptr;
     action = nullptr;
+}
+
+TEST(WebKit, DelayDecidePolicyForNavigationAction)
+{
+    shouldDelayDecision = true;
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]);
+    auto controller = adoptNS([[DecidePolicyForNavigationActionController alloc] init]);
+    [webView setNavigationDelegate:controller.get()];
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    TestWebKitAPI::Util::run(&decidedPolicy);
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    TestWebKitAPI::Util::sleep(0.5); // Wait until the pending api request gets clear.
+    EXPECT_TRUE([[webView URL] isEqual:testURL.get()]);
+
+    shouldDelayDecision = false;
+    delayedDecision(WKNavigationActionPolicyCancel);
 }