It only happens with the runtime flag --site-per-process.
I change the priority 1->2 M61->M62, but will keep working on it.

We need to fix this as site isolation is being gradually turned on.

The Android rollout will follow desktop, but we should still fix this soon.

asimjour@ was looking into this, was there any progress toward a solution?

Amir, just wondering if there is any update on this?
Also, has --site-per-process turned on by default on Android?

RE: has --site-per-process turned on by default on Android?

Up to date there are no OOPIFs / isolation modes shipping on Android.  The recently announced site-per-process enterprise policy [1] is restricted to desktops (ChromeOS, Windows, Mac, Linux).

[1] https://www.blog.google/topics/connected-workspaces/security-enhancements-and-more-enterprise-chrome-browser-customers/

One more data point: --site-per-process does however work well on Android, so it definitely can be experimented/worked with. chrome://flags/#enable-site-per-process

I'm changing how our input is routed (to do it through Android UI). This *should* fix any issues we have here.

I agree that's the best way to fix it. If input is arriving via calls to ui::ViewClient, then from the point of view of content, they are just regular user input and can be handled the same.

Related "PSA: Please make sure your code works with OOPIFs": https://groups.google.com/a/chromium.org/d/topic/blink-dev/fCTPcKBlmJ4/discussion

Won't get this in for 65. Was there any reason this was urgent for 65?

RE: prioritization / context question from #19

Site Isolation (which leads to OOPIFs) is part of Google's response to the Spectre attack.  After the Spectre announcements (e.g. https://support.google.com/faqs/answer/7622138#chrome) there is an increase in the number of Site Isolation users and we expect to see more usage growth going forward.  AFAIK, the Oculus browser is based on Chromium and I think it also is considering using Site Isolation.

lukasza, is Site Isolation still behind a flag for M-65?

If so, I don't think it's worth us rushing our fix for M-65, as it's coming in way too hot and is likely to cause more problems than it solves if we're not careful.

Yes, Site Isolation is behind an opt-in flag for M65 (and/or behind an opt-in Enterprise Policy, but this particular policy only applies to desktop platforms, not to Android).

User Scenario: You have to enable the "Top document isolation" flag, and then you can go to a page like https://jsfiddle.net/fsbhjy9t/1/ and make sure you can interact with the wikipedia window in the corner.

Added test case "Interact with content in iframes" to "VR Browsing manual test plan" document.  Verified that the feature was working as expected on build 66.0.3359.10.