[Site Isolation] Enable same-site BFCache with cross-site iframes via UIProcess coordination
444bd55
Site Isolation runs cross-origin iframes in separate WebContent processes; under that model, suspending or restoring a BFCache'd page requires coordinating an arbitrary number of renderer processes in parallel. BFCache itself preserves a complete page snapshot (DOM, JS heap, media state) so back/forward traversal is instant; previously, pages with cross-site iframes were simply excluded from it.
Source/WebCore/loader/FrameLoader.cpp
- if (RefPtr provisionalItem = history().provisionalItem(); provisionalItem && BackForwardCache::singleton().get(*provisionalItem, protect(frame->page()).get())) {
+ RefPtr provisionalItem = history().provisionalItem();
+ bool hasCachedPage = provisionalItem && BackForwardCache::singleton().get(*provisionalItem, protect(frame->page()).get());
+ if (hasCachedPage && shouldRestoreFromBackForwardCache != ShouldRestoreFromBackForwardCache::No) {
loadProvisionalItemFromCachedPage();
return;
}
+ if (hasCachedPage) {
+ BackForwardCache::singleton().remove(*provisionalItem);
+ } else if (shouldRestoreFromBackForwardCache == ShouldRestoreFromBackForwardCache::Yes)
+ FRAMELOADER_RELEASE_LOG_ERROR(ResourceLoading, "...");
This commit makes the UIProcess the sole BFCache authority via a three-valued ShouldRestoreFromBackForwardCache signal (Yes/No/Unspecified). On cache, UIProcess walks the live frame tree and dispatches SuspendWithFrameItem to each iframe process; on restore, takeForRestoration() atomically takes ownership and dispatches RestoreWithFrameItem to each iframe process before commit. Legacy non-SI paths pass ::Unspecified and fall through to previous hasCachedPage semantics. A race guard handles DidCacheBackForwardItem IPCs arriving after the user has already navigated back.
Significance
This is the architectural ground-truth for BFCache under Site Isolation, shifting cache lifecycle authority from the WebProcess to the UIProcess and introducing new ownership semantics (takeForRestoration(), m_pagesPendingClose-style mirror entries) across multiple renderer processes.
Audit directions
Aaaaaaa Aaaaaaaaaa Aaaaaaa Aaa Aaa Aaaa Aaaaa Aa Aaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aaa Aaaaaa Aaaaaa Aaa Aaaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a Aaa Aaaaaaaaaaaaa Aaaaaaaaaaa Aaaaaaaaaaa Aaaaaaaa Aaaaaaaa Aaaaaaaaa Aaaaa Aaaaa Aaaaa Aaaaaaaaaa Aaaaaaa a Aaaaa Aaaaaaaaa Aaaaaa Aaaaaa Aaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaa Aa Aaaaaaaa Aaa Aaaaaaaaaaaa Aaaaaaaaaaaaaaaaa Aaaa Aaaaaa Aa Aaa Aaaaa Aaaaa Aa Aaaaaa Aaa Aaaaaaaaaaa Aaa Aaaaaaaaaa Aaaaaaa a Aaaaaa Aaaa Aa Aaaaaaaa Aaaaaaaaa Aaa Aaaaaaa Aaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaa Aaaaaaaaa Aaaaaa Aaaa Aaaaaaaaaaaaaa Aaaaaaaaaa Aaa Aaaaa Aaaaaaaaaaa Aaaaa Aaa Aaaaa Aaa Aaa Aaaaaa Aaaa Aaaaaa Aaa Aaaaaaaaaaaaaaa Aaaaa Aaa a Aaaaaaaaaa Aaaaaaaaaaaaaaaaaaaaaa Aa Aa Aaaaaa Aaa Aaaaaaa Aa Aa Aaaaaaa Aaa Aaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaa Aaaaaaaa Aaaaaaa Aaaaaaaaaaaaaaaaaaaaaaa Aaaaa Aaaaaa Aaaaaaa Aaaaaaaaaaaa a a Aaaaaaa Aa Aaaaaaaaaaaa Aaaaa Aaaaa Aaa Aaaaaa Aaaaa Aaaaaaa Aaaaaaaaaaaa
🔒New multi-process state synchronization, race guards, and ownership transfer paths in the suspend/restore pipeline have several edge cases worth auditing.
Subscribe to read more