Links in sandboxed iframe not opening, url bar stops working
Reported by
tom...@gmail.com,
Oct 22 2016
|
||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.21 Safari/537.36 Steps to reproduce the problem: 1. Go to https://onlyzero.net/1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D/ 2. Click on "ZeroHello" (or any other page) on left list What is the expected behavior? It should navigate to the site. What went wrong? Nothing is happening, browser reload/back buttons or url editing also not working. Did this work before? Yes 54 Chrome version: 55.0.2883.21 Channel: beta OS Version: 10.0 Flash Version: Shockwave Flash 23.0 r0 Iframe options: sandbox="allow-forms allow-scripts allow-top-navigation allow-popups " The http get is received by the server, but it's displayed as cancelled in devtool's network tab.
,
Oct 24 2016
,
Oct 24 2016
,
Oct 26 2016
Just to update, able to reproduce the issue on Win 10, MAC 10.11.6, Ubuntu 14.04. for canary version 56.0.2900.0. Adding blocker label, so that issue gets fixed before M55 hits stable. @clamy: Request you to please take a look into it and provide an update on this. Thanks.!
,
Oct 26 2016
**** Bulk edit - please ignore if not applicable **** A friendly reminder that M55 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!
,
Oct 31 2016
Able to reproduce the issue on Mac 10.11.6 using chrome latest version 56.0.2905.0. clamy@ Could you please look into this issue. Thanks,
,
Oct 31 2016
**** Bulk edit - please ignore if not applicable **** A friendly reminder that M55 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!
,
Nov 2 2016
+creis, lukasza This came while I was ooo so I did not have time to look at it. Could it be related to the popup issues lukasza@ had been looking at?
,
Nov 2 2016
I think this isn't related to WindowOpenDisposition and/or to anchor targets. FWIW, I see that the difference after r421184 is that after step 2 of the repro (clicking on "ZeroHello"), NavigationThrottle::ThrottleCheckResult::CANCEL is sent back to the IO thread (it used to be PROCEED) from the following callstack: #2 0x7f4e261f328c content::(anonymous namespace)::SendCheckResultToIOThread() #3 0x7f4e261f2fa7 content::(anonymous namespace)::FindNavigationHandle() #4 0x7f4e261f2907 content::(anonymous namespace)::WillProcessResponseOnUIThread() ... FWIW, I see that FindNavigationHandle has found a |render_frame_host|, but then NavigatorImpl::GetNavigationHandleForFrameHost returns null: [24261:24261:1102/155836:ERROR:navigator_impl.cc(1009)] GetNavigationHandleForFrameHost; render_frame_host->navigation_handle() = (nil)
,
Nov 3 2016
Thanks for looking at this. I'll have a look at why we don't have a NavigationHandle in that case.
,
Nov 3 2016
After investigating some more, the issue is that we get a same-page navigation in the middle of the different-page navigation which deletes the different-page NavigationHandle. When the different-page navigation wants to check WillprocessResponse, we don't find the NavigationHandle and cancel it. I'll work on a patch to not have the NavigationHandle be deleted in that case. If we feel that it is to risky to cheery-pick to the M55 branch, I can revert the original patch on the M55 branch (it's needed for work that landed in M56), or make a simple change to make sure we allow the navigation to proceed even if we don't find the NavigationHandle.
,
Nov 7 2016
**** Bulk edit - please ignore if not applicable **** A friendly reminder that M55 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you! Also due to Thanksgiving holidays in US, please make sure all fixes are ready and merged to M55 latest by 5:00 PM PT Friday, 11/18/16.
,
Nov 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/13dbcd1e7b46a500c1afde8256949aeecdcb18be commit 13dbcd1e7b46a500c1afde8256949aeecdcb18be Author: clamy <clamy@chromium.org> Date: Tue Nov 08 18:06:10 2016 Ensure that navigation will proceed when no NavigationHandle is found This is a fix for an issue where the NavigationHandle is destroyed by the commit of a same-page navigation, which will cancel an ongoing navigation. This patch allows the navigation to go through, and is meant to be a temporary fix until https://codereview.chromium.org/2475693002/ lands. BUG= 658530 Review-Url: https://codereview.chromium.org/2481173002 Cr-Commit-Position: refs/heads/master@{#430650} [modify] https://crrev.com/13dbcd1e7b46a500c1afde8256949aeecdcb18be/content/browser/loader/navigation_resource_throttle.cc
,
Nov 9 2016
,
Nov 9 2016
Your change meets the bar and is auto-approved for M55 (branch: 2883)
,
Nov 10 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/34708c0c752eaf5bfa865c2233f4272cc5d3e208 commit 34708c0c752eaf5bfa865c2233f4272cc5d3e208 Author: clamy <clamy@chromium.org> Date: Thu Nov 10 10:58:55 2016 Ensure that navigation will proceed when no NavigationHandle is found This is a fix for an issue where the NavigationHandle is destroyed by the commit of a same-page navigation, which will cancel an ongoing navigation. This patch allows the navigation to go through, and is meant to be a temporary fix until https://codereview.chromium.org/2475693002/ lands. BUG= 658530 Review-Url: https://codereview.chromium.org/2481173002 Cr-Commit-Position: refs/heads/master@{#430650} (cherry picked from commit 13dbcd1e7b46a500c1afde8256949aeecdcb18be) Review URL: https://codereview.chromium.org/2488163004 . Cr-Commit-Position: refs/branch-heads/2883@{#518} Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768} [modify] https://crrev.com/34708c0c752eaf5bfa865c2233f4272cc5d3e208/content/browser/loader/navigation_resource_throttle.cc
,
Nov 10 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03 commit 3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03 Author: clamy <clamy@chromium.org> Date: Thu Nov 10 15:59:44 2016 Do not reset NavigationHandle when navigating same-page This CL ensures that the NavigationHandle in the RenderFrameHost is not reset when the frame just navigated same-page. This matches what Blink is doing, where a same-page navigation will not interrupt a cross-document one. BUG= 658530 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation Review-Url: https://codereview.chromium.org/2475693002 Cr-Commit-Position: refs/heads/master@{#431265} [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/interstitial_page_navigator_impl.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/interstitial_page_navigator_impl.h [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigation_controller_impl.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigation_controller_impl.h [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigation_controller_impl_browsertest.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator.h [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator_impl.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator_impl.h [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/render_frame_host_impl.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/render_frame_host_impl.h [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/loader/navigation_resource_throttle.cc [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/testing/buildbot/filters/browser-side-navigation.linux.content_browsertests.filter [modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/third_party/WebKit/Source/core/loader/FrameLoader.cpp
,
Nov 10 2016
,
Nov 16 2016
Verified the fix on Windows 10, Ubuntu 14.04 and Mac 10.11.6 using Chrome Beta version #55.0.2883.52 as per the comment #0. Observed that the fix is working as expected. Attaching the screencast for reference Hence, adding the verified labels |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by kkaluri@chromium.org
, Oct 24 2016Labels: -Type-Bug -Pri-2 hasbisected-per-revision M-54 OS-Linux OS-Mac Pri-1 Type-Bug-Regression
Owner: clamy@chromium.org
Status: Assigned (was: Unconfirmed)