Site Isolation Web Inspector: deterministic Network IDs, event routing
2bfe8ae
Source/WebCore/inspector/InspectorIdentifierRegistry.h
+ static inline String protocolFrameId(WebCore::FrameIdentifier frameID, WebCore::ProcessIdentifier processID)
+ {
+ return makeString("frame-"_s, processID.toUInt64(), '.', static_cast<uint32_t>(frameID.toRawValue()));
+ }
+
+ // FIXME: <https://webkit.org/b/310164> Callers that receive FrameIdentifier via IPC
+ // without a separate ProcessIdentifier should be updated to pass one explicitly.
+ static inline String protocolFrameId(WebCore::FrameIdentifier frameID)
+ {
+ return makeString("frame-"_s, frameID.toRawValue() >> 32, '.', static_cast<uint32_t>(frameID.toRawValue()));
+ }
+
+ static inline String protocolRequestId(WebCore::ProcessIdentifier pid, WebCore::ResourceLoaderIdentifier resourceID)
+ {
+ return makeString("request-"_s, pid.toUInt64(), '.', resourceID.toUInt64());
+ }
Source/WebInspectorUI/UserInterface/Controllers/NetworkManager.js
+ if (!frame && frameIdentifier.startsWith("frame-")) {
+ let mainResource = new WI.Resource("about:blank");
+ frame = new WI.Frame(frameIdentifier, frameOptions.name, frameOptions.securityOrigin, null, mainResource);
+ this._frameIdentifierMap.set(frame.id, frame);
+ ...
+ }
Web Inspector's Network domain is a page-level "octopus" domain: the frontend's NetworkManager maintains one unified resource list and frame tree, so events from all WebContent processes must be merged into a single coherent stream with globally non-colliding IDs. Previously, two resources in different processes could produce the same numeric ResourceLoaderIdentifier, causing silent aliasing in the Network panel.
This commit introduces deterministic frame/request/loader IDs encoded as "PID.OID" strings, upgrades ResourceLoaderIdentifier to a process-qualified ScopedResourceLoaderIdentifier, routes all cross-origin iframe Network events through ProxyingNetworkAgent, and fixes NetworkManager to lazily create stub frames and handle null loaderIdentifiers. PageNetworkAgent is disabled in WebContent processes under SI to prevent duplicate events for the main frame.
Significance
This is a significant Site Isolation infrastructure expansion that opens new IPC paths between untrusted WebContent processes and the inspector infrastructure in UIProcess, with process-qualified identifiers crossing privilege boundaries.
Audit directions
a Aaaaaaaaaaaaaaaaaaa Aa Aaaaaaaaaaaaaa Aaa Aaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aaaa Aaaaaaaaaaaaaaaaaaaaa Aa Aaa Aaa Aaa Aaaaa Aaaa Aaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaa Aaa Aaaaa Aaaaa Aa Aaaaa Aaaaaaaaaaa Aaaa Aaaa Aaaaa Aa Aaaaa Aaaaaaaaaa Aa Aaaaaaaaaaaa Aaa Aaaaaaaaa Aaaaaaaa Aaaaaaaaaaa Aaaaa Aaaaaaa Aaa Aaaa Aaaaaaa Aaaaaaaa Aaaaaaaa Aaaaaaaaa Aa Aaa Aaaaaaaaa
a Aaaaa Aaaaa Aaaaaaaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaa Aaaa Aaa Aaaa Aaaaaaaaaa Aaaaaaaaaa Aa Aaa Aaaaaaaaaaaaaaa Aa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaa Aaaaaaaa Aaaa Aaa Aaaaaaa Aaaaaaaaaaaaaaaaaaa Aaaaaaa Aaa Aaaaaa Aaaaaa Aaaaaaaa a Aaaaaaaaaaa Aaaaaaaaaa Aaaaaaa Aaaaa Aaaaa Aaaaaaa Aaaaaaaaa Aaa Aaa Aaaaaa Aaaaaaaaa Aa Aaaaaaa Aaaaaaaa Aaa Aaaa Aaa Aaaaaaaaa Aaaaaaaaa
a Aaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aaaa Aaaaaa Aaaaaaaaaaaaaaaaaaaa Aaaaa Aaaa Aa Aaaaaaaaaaaaaaaaaaaa Aaaa Aaa Aaaaaaaa Aa Aaa Aaa Aaaaaaaaaa Aaaaaaaaaa Aaaaaa Aaa Aaaaaaaaaaaaaaaaa Aaaaa Aaaa Aaaaaaaaaaa Aaaaaaaaaaa Aaaaaaa Aaaaaaaa Aaaaa Aaaaaaaaaaa
a Aaaaaa Aaaaaaaaaa Aaaa Aaaaaaaaaaa a Aaaaaaaaaaa Aaaaaaaaaa Aaaaaaa Aaaaaaa Aaaaaaa Aaaaaaaaaaaaaaaaa Aaaaaa Aaaaa Aaaaa Aaaaaaaaaaaaaaaaaaaaa Aaaa Aaaaaaa Aaaaaa Aa Aaaaaa Aaaaaaaa Aaaaaaa
a Aaaa Aaaaaa Aa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aa Aa Aa Aaaaaaa Aaaaaaaaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaa Aaaaaa Aaaaa Aaaa Aa Aaa Aaaaa Aaaaa Aaaaaaa Aaa Aaaaa Aa Aa Aaaaaaaaaaaa Aaaaaaaaaaaa Aaaaa Aaaaa Aaaaaaaaaaaaaaaaaaaaaa Aa Aaa Aaa Aaaaaaaaaa
🔒New cross-process IPC paths and ID construction logic have several edge cases and trust-boundary interactions worth security investigation.
Subscribe to read more