Could you provide a test page?

Hi,
Would a simulation account to our system work for you? And if so could I email it privately to you?

Thank you for providing more feedback. Adding requester "yhirano@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Thanks, I would like to ask one thing before accessing your system - could you test with BrowserSideNavigation disabled via chrome://flags/#browser-side-navigation? That might affect v61 results.

Hi, I've tried with the flag disabled but it still occurs. 
I will prepare a simulation account with a description and screenshots for you

Thank you for providing more feedback. Adding requester "yhirano@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I see, thanks. Then I will investigate. My mail address is yhirano@chromium.org.

I confirmed the issue with 61.0.3163.98 on Android.

dominickn@, can you take a look?

We're going to need some more details here. Otherwise, yhirano@ will need to provide them.

 - when you add to homescreen, is the shortcut opening in Chrome itself or as a standalone progressive web app?
 - how exactly have you implemented the auto submitting form? I.e. where is POST being specified?

Over to piotrs@ for investigation.

This should already be fixed in newest Canary for this particular webapp, however there is a broader problem that right now still affects WebAPKs. Patches are being reviewed right now and I will be trying to merge the fix to m63.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a4d8beb85c47926af04d11d2ae514b00d0ddd839

commit a4d8beb85c47926af04d11d2ae514b00d0ddd839
Author: Piotr Swigon <piotrs@chromium.org>
Date: Tue Oct 17 06:44:37 2017

[WebApps] Prevent POST requests from opening in CCT.

POST requests should not get opened in CCT, as:
1) Request might not require redirecting the user.
2) CCT will issue the request as GET and drop the request body.

Test for this change has been extracted to crrev.com/c/722488
for easier merging.

Bug:  771984 
Change-Id: I1f49409ec3de20c9c29352e5e23c571a365e515b
Reviewed-on: https://chromium-review.googlesource.com/722384
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Commit-Queue: Piotr Swigon <piotrs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509307}
[modify] https://crrev.com/a4d8beb85c47926af04d11d2ae514b00d0ddd839/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappInterceptNavigationDelegate.java

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e3f4b2ac8458db6aae544271db13cdf9c6516f57

commit e3f4b2ac8458db6aae544271db13cdf9c6516f57
Author: Piotr Swigon <piotrs@chromium.org>
Date: Tue Oct 17 09:25:33 2017

[WebApps] Test for preventing POST requests from opening in CCT.

This patch contains a test for the change in crrev.com/c/722384, which
has been extracted out for easier merging.

Bug:  771984 
Change-Id: I22ef843febc297a4f2a85a2d0957e7619981e781
Reviewed-on: https://chromium-review.googlesource.com/722488
Commit-Queue: Piotr Swigon <piotrs@chromium.org>
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509333}
[modify] https://crrev.com/e3f4b2ac8458db6aae544271db13cdf9c6516f57/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappInterceptNavigationDelegate.java
[modify] https://crrev.com/e3f4b2ac8458db6aae544271db13cdf9c6516f57/chrome/android/javatests/src/org/chromium/chrome/browser/webapps/WebappNavigationTest.java

This is fixed now for both legacy web apps and WebAPKs. I will try to merge the fix for WebAPKs into m63, but this particular website should be working already on Chrome Canary 64.0.3241.0.

Hi,
Great to hear, thanks for the quick work! 

I would like to request a merge of crrev.com/c/722384, which is a one-line change fixing POST requests to off webapp scope URLs when running as a WebAPK.

Tests has been landed in a separate patch, so that the fix can be merge more easily (tests in crrev.com/c/722488).

Change is already in Canary and works fine.

Your change meets the bar and is auto-approved for M63. Please go ahead and merge the CL to branch 3239 manually. Please contact milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), gkihumba@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/561743ce9507c8c0a35472213c89148d44961d04

commit 561743ce9507c8c0a35472213c89148d44961d04
Author: Piotr Swigon <piotrs@chromium.org>
Date: Thu Oct 19 23:23:53 2017

[WebApps] Prevent POST requests from opening in CCT.

POST requests should not get opened in CCT, as:
1) Request might not require redirecting the user.
2) CCT will issue the request as GET and drop the request body.

Test for this change has been extracted to crrev.com/c/722488
for easier merging.

Bug:  771984 
Change-Id: I1f49409ec3de20c9c29352e5e23c571a365e515b
Reviewed-on: https://chromium-review.googlesource.com/722384
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Commit-Queue: Piotr Swigon <piotrs@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#509307}(cherry picked from commit a4d8beb85c47926af04d11d2ae514b00d0ddd839)
Reviewed-on: https://chromium-review.googlesource.com/729659
Reviewed-by: Piotr Swigon <piotrs@chromium.org>
Cr-Commit-Position: refs/branch-heads/3239@{#91}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/561743ce9507c8c0a35472213c89148d44961d04/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappInterceptNavigationDelegate.java

After discussions with sbirch@ marking this is an RBS for m62 iff there will be a respin for another issue. In such case crrev.com/c/722384 should be merged. It will not merge without conflict, but the one line which this patch adds can still be added.

We are planning a respin tomorrow. Please request this to be merged into M62 branch and confirm here that this merge is very safe for M62 and cannot make the issue any worse than what it is now.

Requesting an emergency merge of crrev.com/c/722384 into m62 (ahead of the security related respin tomorrow). As discussed between cmasso@ and owencm@.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bdc81887306ca70ae3876a905aa13f3aad2b7705

commit bdc81887306ca70ae3876a905aa13f3aad2b7705
Author: Piotr Swigon <piotrs@chromium.org>
Date: Wed Nov 01 23:36:08 2017

[WebApps] Prevent POST requests from opening in CCT.

POST requests should not get opened in CCT, as:
1) Request might not require redirecting the user.
2) CCT will issue the request as GET and drop the request body.

Test for this change has been extracted to crrev.com/c/722488
for easier merging.

(cherry picked from commit a4d8beb85c47926af04d11d2ae514b00d0ddd839)

Bug:  771984 
Change-Id: I1f49409ec3de20c9c29352e5e23c571a365e515b
Reviewed-on: https://chromium-review.googlesource.com/722384
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Commit-Queue: Piotr Swigon <piotrs@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#509307}
Reviewed-on: https://chromium-review.googlesource.com/749564
Reviewed-by: Piotr Swigon <piotrs@chromium.org>
Cr-Commit-Position: refs/branch-heads/3202@{#769}
Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098}
[modify] https://crrev.com/bdc81887306ca70ae3876a905aa13f3aad2b7705/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappInterceptNavigationDelegate.java

FYI for anyone following along with this issue: the fix was included in a release that was made available to 100% of devices today, so the issue should largely be disappearing (although some devices may take a while to update of course).