POST data is lost when navigating back to a post that does cross-site transfer |
|||||
Issue description
Repro steps:
1. Navigate to a page with a form that posts to a location
that will issue a cross-site 307 redirect:
<form id="form" method="POST" action="/cross-site-307/x.com/echoall">
<input type="text" name="text" value="value">
<input type="submit">
</form>
2. Submit the form. Verify that POST data got sent correctly.
3. Navigate to yet another page.
4. Go back in session history (to #2 above effectively).
Expected behavior: POST data gets sent in step 4 just as it was send in step 2.
Actual behavior: POST data gets lost somewhere...
,
May 18 2016
This needs further investigation, but one suspicious place is where NavigatorImpl::RequestTransferURL always creates an empty, fresh PageState:
entry->AddOrUpdateFrameEntry(
node, -1, -1, nullptr,
static_cast<SiteInstanceImpl*>(source_site_instance), dest_url,
referrer_to_use, PageState(), "GET", -1);
,
May 23 2016
Comment 2: Yes, that's where I would expect it to be lost.
,
May 23 2016
,
May 24 2016
,
May 24 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff commit 2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff Author: lukasza <lukasza@chromium.org> Date: Tue May 24 23:00:43 2016 Test for navigating back to navigation that posts to a cross-site 307 redirect. This test is currently broken in --site-per-process mode. BUG= 613004 Review-Url: https://codereview.chromium.org/1993093002 Cr-Commit-Position: refs/heads/master@{#395721} [modify] https://crrev.com/2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff/content/browser/session_history_browsertest.cc [modify] https://crrev.com/2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff/content/public/test/browser_test_utils.cc [modify] https://crrev.com/2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff/content/public/test/browser_test_utils.h [add] https://crrev.com/2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff/content/test/data/session_history/form_that_posts_cross_site.html [modify] https://crrev.com/2ad8fef46aa29f84a97e5600d3c5c8447f79c3ff/testing/buildbot/filters/site-per-process.content_browsertests.filter
,
Jun 3 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5aa2c3740801f1c148c85db6612c24be0a76b6fe commit 5aa2c3740801f1c148c85db6612c24be0a76b6fe Author: lukasza <lukasza@chromium.org> Date: Fri Jun 03 19:38:08 2016 Forwarding POST body into renderer after a cross-site transfer. After this CL, ResourceRequestBody from ResourceHostMsg_Request will get sent after a cross-site transfer in FrameMsg_Navigate: - ResourceDispatcherHostImpl::BeginRequest stores ResourceHostMsg_Request::request_body into ResourceRequestInfoImpl::body_ - NavigationResourceThrottle::WillStartRequest forwards ResourceRequestInfoImpl::body_ into a call to NavigationHandleImpl::WillStartRequest, where the body gets stored in NavigationHandleImpl::resource_request_body_ - NavigationHandleImpl::WillRedirectRequest takes care to reset the body if a redirect changed the method to a non-POST. (see also https://crbug.com/582211#c22 ). - RenderFrameHostManager::OnCrossSiteResponse forwards NavigationHandleImpl::resource_request_body_ into the call to NavigatorImpl::RequestTransferURL. The body is used to set the proper method on FrameNavigationEntry and used to populate CommonNavigationParams. BUG= 582211 , 613004 CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation Review-Url: https://codereview.chromium.org/1956383003 Cr-Commit-Position: refs/heads/master@{#397779} [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/chrome/test/base/ui_test_utils.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigation_handle_impl.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigation_handle_impl.h [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigation_handle_impl_unittest.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigation_request.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigator.h [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigator_impl.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/navigator_impl.h [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/render_frame_host_manager.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/frame_host/render_frame_proxy_host.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/loader/DEPS [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/loader/navigation_resource_throttle.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/loader/resource_dispatcher_host_impl.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/loader/resource_request_info_impl.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/browser/loader/resource_request_info_impl.h [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/common/navigation_params.cc [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/content/public/browser/navigation_handle.h [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/testing/buildbot/filters/site-per-process.content_browsertests.filter [modify] https://crrev.com/5aa2c3740801f1c148c85db6612c24be0a76b6fe/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
,
Jun 7 2016
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by lukasza@chromium.org
, May 18 2016