New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 658530 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Links in sandboxed iframe not opening, url bar stops working

Reported by tom...@gmail.com, Oct 22 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.21 Safari/537.36

Steps to reproduce the problem:
1. Go to https://onlyzero.net/1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D/
2. Click on "ZeroHello" (or any other page) on left list

What is the expected behavior?
It should navigate to the site.

What went wrong?
Nothing is happening, browser reload/back buttons or url editing also not working.

Did this work before? Yes 54

Chrome version: 55.0.2883.21  Channel: beta
OS Version: 10.0
Flash Version: Shockwave Flash 23.0 r0

Iframe options: sandbox="allow-forms allow-scripts allow-top-navigation allow-popups "
The http get is received by the server, but it's displayed as cancelled in devtool's network tab.
 
Cc: kkaluri@chromium.org
Labels: -Type-Bug -Pri-2 hasbisected-per-revision M-54 OS-Linux OS-Mac Pri-1 Type-Bug-Regression
Owner: clamy@chromium.org
Status: Assigned (was: Unconfirmed)
Able to reproduce this issue on Windows 10,Ubuntu 14.04 and Mac 10.12 on latest chrome beta version 55.0.2883.21. 
Issue is broken in M55. 

Below are the bisect details for the same:

Bisect Info:
===========
Good Build : 55.0.2873.0,  Revision Range (421052)                                           
Bad Build  : 55.0.2874.0 , Revision Range (421409)


After executing the bisect script, i got the following CL's between good and bad build versions
=============================================================================================== 
https://chromium.googlesource.com/chromium/src/+log/637695e922a60107439263a586edf0a90ec3cd65..cbf524d4ff19eb202e4ff67810f1909e05b52849



The suspecting Change Log is :
-----------
https://chromium.googlesource.com/chromium/src/+/cbf524d4ff19eb202e4ff67810f1909e05b52849




From the above CL suspecting the below change
Review URL: https://codereview.chromium.org/2364943002

clamy @- Could you please look into this issue, if it's related to your change?  if not could you please help us to reassign this issue to the right owner.

Thanks.!
Labels: -hasbisected-per-revision hasbisect-per-revision

Comment 3 by e...@chromium.org, Oct 24 2016

Components: -Blink Blink>Loader
Cc: ranjitkan@chromium.org
Labels: -M-54 ReleaseBlock-Stable M-55
Just to update, able to reproduce the issue on Win 10, MAC 10.11.6, Ubuntu 14.04. for canary version 56.0.2900.0. Adding blocker label, so that issue gets fixed before M55 hits stable.

@clamy: Request you to please take a look into it and provide an update on this.

Thanks.!

Comment 5 by gov...@chromium.org, Oct 26 2016

**** Bulk edit -  please ignore if not applicable ****

A friendly reminder that M55 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!
Able to reproduce the issue on Mac 10.11.6 using chrome latest version 56.0.2905.0.

clamy@ Could you please look into this issue.

Thanks,

Comment 7 by gov...@chromium.org, Oct 31 2016

**** Bulk edit -  please ignore if not applicable ****

A friendly reminder that M55 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!


Comment 8 by clamy@chromium.org, Nov 2 2016

Cc: lukasza@chromium.org creis@chromium.org
+creis, lukasza

This came while I was ooo so I did not have time to look at it. Could it be related to the popup issues lukasza@ had been looking at?
I think this isn't related to WindowOpenDisposition and/or to anchor targets.

FWIW, I see that the difference after r421184 is that after step 2 of the repro (clicking on "ZeroHello"), NavigationThrottle::ThrottleCheckResult::CANCEL is sent back to the IO thread (it used to be PROCEED) from the following callstack:

#2 0x7f4e261f328c content::(anonymous namespace)::SendCheckResultToIOThread()
#3 0x7f4e261f2fa7 content::(anonymous namespace)::FindNavigationHandle()
#4 0x7f4e261f2907 content::(anonymous namespace)::WillProcessResponseOnUIThread()
...

FWIW, I see that FindNavigationHandle has found a |render_frame_host|, but then NavigatorImpl::GetNavigationHandleForFrameHost returns null:

[24261:24261:1102/155836:ERROR:navigator_impl.cc(1009)] GetNavigationHandleForFrameHost;  render_frame_host->navigation_handle() = (nil)

Thanks for looking at this. I'll have a look at why we don't have a NavigationHandle in that case.
After investigating some more, the issue is that we get a same-page navigation in the middle of the different-page navigation which deletes the different-page NavigationHandle. When the different-page navigation wants to check WillprocessResponse, we don't find the NavigationHandle and cancel it.

I'll work on a patch to not have the NavigationHandle be deleted in that case. If we feel that it is to risky to cheery-pick to the M55 branch, I can revert the original patch on the M55 branch (it's needed for work that landed in M56), or make a simple change to make sure we allow the navigation to proceed even if we don't find the NavigationHandle.
**** Bulk edit -  please ignore if not applicable ****

A friendly reminder that M55 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!

Also due to Thanksgiving holidays in US, please make sure all fixes are ready and merged to M55 latest by 5:00 PM PT Friday, 11/18/16.
Project Member

Comment 13 by bugdroid1@chromium.org, Nov 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/13dbcd1e7b46a500c1afde8256949aeecdcb18be

commit 13dbcd1e7b46a500c1afde8256949aeecdcb18be
Author: clamy <clamy@chromium.org>
Date: Tue Nov 08 18:06:10 2016

Ensure that navigation will proceed when no NavigationHandle is found

This is a fix for an issue where the NavigationHandle is destroyed by
the commit of a same-page navigation, which will cancel an ongoing
navigation. This patch allows the navigation to go through, and is meant
to be a temporary fix until https://codereview.chromium.org/2475693002/
lands.

BUG= 658530 

Review-Url: https://codereview.chromium.org/2481173002
Cr-Commit-Position: refs/heads/master@{#430650}

[modify] https://crrev.com/13dbcd1e7b46a500c1afde8256949aeecdcb18be/content/browser/loader/navigation_resource_throttle.cc

Labels: Merge-Request-55

Comment 15 by dimu@chromium.org, Nov 9 2016

Labels: -Merge-Request-55 Merge-Approved-55 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M55 (branch: 2883)
Project Member

Comment 16 by bugdroid1@chromium.org, Nov 10 2016

Labels: -merge-approved-55 merge-merged-2883
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/34708c0c752eaf5bfa865c2233f4272cc5d3e208

commit 34708c0c752eaf5bfa865c2233f4272cc5d3e208
Author: clamy <clamy@chromium.org>
Date: Thu Nov 10 10:58:55 2016

Ensure that navigation will proceed when no NavigationHandle is found

This is a fix for an issue where the NavigationHandle is destroyed by
the commit of a same-page navigation, which will cancel an ongoing
navigation. This patch allows the navigation to go through, and is meant
to be a temporary fix until https://codereview.chromium.org/2475693002/
lands.

BUG= 658530 

Review-Url: https://codereview.chromium.org/2481173002
Cr-Commit-Position: refs/heads/master@{#430650}
(cherry picked from commit 13dbcd1e7b46a500c1afde8256949aeecdcb18be)

Review URL: https://codereview.chromium.org/2488163004 .

Cr-Commit-Position: refs/branch-heads/2883@{#518}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}

[modify] https://crrev.com/34708c0c752eaf5bfa865c2233f4272cc5d3e208/content/browser/loader/navigation_resource_throttle.cc

Project Member

Comment 17 by bugdroid1@chromium.org, Nov 10 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03

commit 3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03
Author: clamy <clamy@chromium.org>
Date: Thu Nov 10 15:59:44 2016

Do not reset NavigationHandle when navigating same-page

This CL ensures that the NavigationHandle in the RenderFrameHost is not
reset when the frame just navigated same-page. This matches what Blink
is doing, where a same-page navigation will not interrupt a
cross-document one.

BUG= 658530 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2475693002
Cr-Commit-Position: refs/heads/master@{#431265}

[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/interstitial_page_navigator_impl.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/interstitial_page_navigator_impl.h
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigation_controller_impl.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigation_controller_impl.h
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigation_controller_impl_browsertest.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator.h
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator_impl.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/navigator_impl.h
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/frame_host/render_frame_host_impl.h
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/content/browser/loader/navigation_resource_throttle.cc
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/testing/buildbot/filters/browser-side-navigation.linux.content_browsertests.filter
[modify] https://crrev.com/3bf35e3c0aed8dbfcdfcbc00e15c650e62838d03/third_party/WebKit/Source/core/loader/FrameLoader.cpp

Comment 18 by clamy@chromium.org, Nov 10 2016

Status: Fixed (was: Assigned)
Labels: TE-Verified-55.0.2883.52 TE-Verified-M55
Verified the fix on Windows 10, Ubuntu 14.04 and Mac 10.11.6 using Chrome Beta version #55.0.2883.52 as per the comment #0.

Observed that the fix is working as expected.

Attaching the screencast for reference

Hence, adding the verified labels

Issue 658530.mp4
656 KB View Download

Sign in to add a comment