New issue
Advanced search Search tips

Issue 670770 link

Starred by 1 user
Status: Fixed
Owner:
alex...@chromium.org
Closed: Dec 2016
Cc:
kenrb@chromium.org
dcheng@chromium.org
wfh@chromium.org
creis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

OOPIF: Can't open popups after navigating a remote frame.

Project Member Reported by alex...@chromium.org, Dec 2 2016 
What steps will reproduce the problem?
(1) With --site-per-process, go to http://csreis.github.io/tests/cross-site-iframe.html
(2) Click "Go cross-site (simple page)"
(3) From DevTools, execute:
document.querySelector('button').onclick = () => {
  frames[0].location.href="https://csreis.github.io"; 
  window.open("data:text/html,foo"); 
}
(4) Click on "Go cross-site (simple page)" again.

What is the expected result?
A popup should open that displays "foo".  This is what happens without --site-per-process.

What happens instead?
Popup is blocked by the popup blocker, despite the window.open happening in the click handler while having a user gesture.

I think this is because RenderFrameProxy::navigate unconditionally consumes the user gesture:

void RenderFrameProxy::navigate(const blink::WebURLRequest& request,
                                bool should_replace_current_entry) {
  ...
  blink::WebUserGestureIndicator::consumeUserGesture();
  ...
}

whereas it looks like we should only be doing it if a navigation produces a new window.  E.g., in RenderFrameImpl::OpenURL, we have:

  if (policy == blink::WebNavigationPolicyNewBackgroundTab ||
      policy == blink::WebNavigationPolicyNewForegroundTab ||
      policy == blink::WebNavigationPolicyNewWindow ||
      policy == blink::WebNavigationPolicyNewPopup) {
    WebUserGestureIndicator::consumeUserGesture();
  }

I'll take a look at this as part of other user gesture work for OOPIFs.
Project Member

Comment 1 by bugdroid1@chromium.org, Dec 6 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/70efdd1328c65ad6042b296659a8e3f733a4e2ca

commit 70efdd1328c65ad6042b296659a8e3f733a4e2ca
Author: alexmos <alexmos@chromium.org>
Date: Tue Dec 06 21:05:50 2016

Don't consume user gesture in RenderFrameProxy::navigate.

RenderFrameProxy::navigate should never result in opening a new tab
(see RenderFrameProxyHost::OnOpenURL, which DCHECKs that the
disposition is for a current tab).  Yet, it currently unconditionally
consumes the user gesture.  This leads to problems if a frame tries to
later consume the gesture, e.g., by opening a popup, after navigating
a remote frame.  This CL removes that problematic consumeUserGesture()
call.

BUG= 670770 , 589894

Review-Url: https://codereview.chromium.org/2553783003
Cr-Commit-Position: refs/heads/master@{#436721}

[modify] https://crrev.com/70efdd1328c65ad6042b296659a8e3f733a4e2ca/chrome/browser/chrome_site_per_process_browsertest.cc
[modify] https://crrev.com/70efdd1328c65ad6042b296659a8e3f733a4e2ca/content/renderer/render_frame_proxy.cc

Comment 2 by creis@chromium.org, Dec 9 2016

Status: Fixed (was: Assigned)
Seems to be working in 57.0.2945.0, so I assume this can be marked fixed.  Thanks!

Sign in to add a comment