<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[278900] branches/safari-611-branch</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/278900">278900</a></dd>
<dt>Author</dt> <dd>alancoon@apple.com</dd>
<dt>Date</dt> <dd>2021-06-15 14:49:24 -0700 (Tue, 15 Jun 2021)</dd>
</dl>

<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/278318">r278318</a>. rdar://problem/79355222

    REGRESSION (iOS 14.5): Can't go back and render previous page properly after "location.href"
    https://bugs.webkit.org/show_bug.cgi?id=226323
    <rdar://problem/78623536>

    Reviewed by Alex Christensen.

    Source/WebKit:

    A while back, we did an optimization to allow several WebPage objects associated with the
    same WebPageProxy to live in the same WebProcess. This allowed us to reuse a process from
    a SuspendedPageProxy for a forward navigation, without destroying the SuspendedPageProxy.
    However, this added quite a bit of complexity and this broke some same-process back/forward
    navigations like in this bug. In particular, it is really hard to get do our history
    management right (with the current model) if there is more than more WebPage in a process
    for the same WebPageProxy.

    To address issues, we go back to the older model with one WebPage per WebProcess for a
    given WebPageProxy. To achieve this, we make sure to destroy of SuspendedPageProxy objects
    for the current page and destination process before we process-swap (like we used to do).

    * UIProcess/WebBackForwardCache.cpp:
    (WebKit::WebBackForwardCache::removeEntriesForPageAndProcess):
    * UIProcess/WebBackForwardCache.h:
    * UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::receivedNavigationPolicyDecision):

    Tools:

    New API test written by Alex Christensen to cover this case.

    * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@278318 268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari611branchSourceWebKitChangeLog">branches/safari-611-branch/Source/WebKit/ChangeLog</a></li>
<li><a href="#branchessafari611branchSourceWebKitUIProcessWebBackForwardCachecpp">branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.cpp</a></li>
<li><a href="#branchessafari611branchSourceWebKitUIProcessWebBackForwardCacheh">branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.h</a></li>
<li><a href="#branchessafari611branchSourceWebKitUIProcessWebPageProxycpp">branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp</a></li>
<li><a href="#branchessafari611branchToolsChangeLog">branches/safari-611-branch/Tools/ChangeLog</a></li>
<li><a href="#branchessafari611branchToolsTestWebKitAPITestsWebKitCocoaProcessSwapOnNavigationmm">branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari611branchSourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (278899 => 278900)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-611-branch/Source/WebKit/ChangeLog       2021-06-15 21:49:19 UTC (rev 278899)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog  2021-06-15 21:49:24 UTC (rev 278900)
</span><span class="lines">@@ -1,3 +1,68 @@
</span><ins>+2021-06-15  Alan Coon  <alancoon@apple.com>
+
+        Cherry-pick r278318. rdar://problem/79355222
+
+    REGRESSION (iOS 14.5): Can't go back and render previous page properly after "location.href"
+    https://bugs.webkit.org/show_bug.cgi?id=226323
+    <rdar://problem/78623536>
+    
+    Reviewed by Alex Christensen.
+    
+    Source/WebKit:
+    
+    A while back, we did an optimization to allow several WebPage objects associated with the
+    same WebPageProxy to live in the same WebProcess. This allowed us to reuse a process from
+    a SuspendedPageProxy for a forward navigation, without destroying the SuspendedPageProxy.
+    However, this added quite a bit of complexity and this broke some same-process back/forward
+    navigations like in this bug. In particular, it is really hard to get do our history
+    management right (with the current model) if there is more than more WebPage in a process
+    for the same WebPageProxy.
+    
+    To address issues, we go back to the older model with one WebPage per WebProcess for a
+    given WebPageProxy. To achieve this, we make sure to destroy of SuspendedPageProxy objects
+    for the current page and destination process before we process-swap (like we used to do).
+    
+    * UIProcess/WebBackForwardCache.cpp:
+    (WebKit::WebBackForwardCache::removeEntriesForPageAndProcess):
+    * UIProcess/WebBackForwardCache.h:
+    * UIProcess/WebPageProxy.cpp:
+    (WebKit::WebPageProxy::receivedNavigationPolicyDecision):
+    
+    Tools:
+    
+    New API test written by Alex Christensen to cover this case.
+    
+    * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@278318 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-06-01  Chris Dumez  <cdumez@apple.com>
+
+            REGRESSION (iOS 14.5): Can't go back and render previous page properly after "location.href"
+            https://bugs.webkit.org/show_bug.cgi?id=226323
+            <rdar://problem/78623536>
+
+            Reviewed by Alex Christensen.
+
+            A while back, we did an optimization to allow several WebPage objects associated with the
+            same WebPageProxy to live in the same WebProcess. This allowed us to reuse a process from
+            a SuspendedPageProxy for a forward navigation, without destroying the SuspendedPageProxy.
+            However, this added quite a bit of complexity and this broke some same-process back/forward
+            navigations like in this bug. In particular, it is really hard to get do our history
+            management right (with the current model) if there is more than more WebPage in a process
+            for the same WebPageProxy.
+
+            To address issues, we go back to the older model with one WebPage per WebProcess for a
+            given WebPageProxy. To achieve this, we make sure to destroy of SuspendedPageProxy objects
+            for the current page and destination process before we process-swap (like we used to do).
+
+            * UIProcess/WebBackForwardCache.cpp:
+            (WebKit::WebBackForwardCache::removeEntriesForPageAndProcess):
+            * UIProcess/WebBackForwardCache.h:
+            * UIProcess/WebPageProxy.cpp:
+            (WebKit::WebPageProxy::receivedNavigationPolicyDecision):
+
</ins><span class="cx"> 2021-06-14  Russell Epstein  <repstein@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Apply patch. rdar://problem/77619702
</span></span></pre></div>
<a id="branchessafari611branchSourceWebKitUIProcessWebBackForwardCachecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.cpp (278899 => 278900)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.cpp       2021-06-15 21:49:19 UTC (rev 278899)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.cpp  2021-06-15 21:49:24 UTC (rev 278900)
</span><span class="lines">@@ -145,6 +145,14 @@
</span><span class="cx">     });
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+void WebBackForwardCache::removeEntriesForPageAndProcess(WebPageProxy& page, WebProcessProxy& process)
+{
+    removeEntriesMatching([pageID = page.identifier(), processIdentifier = process.coreProcessIdentifier()](auto& item) {
+        ASSERT(item.backForwardCacheEntry());
+        return item.pageID() == pageID && item.backForwardCacheEntry()->processIdentifier() == processIdentifier;
+    });
+}
+
</ins><span class="cx"> void WebBackForwardCache::removeEntriesMatching(const Function<bool(WebBackForwardListItem&)>& matches)
</span><span class="cx"> {
</span><span class="cx">     Vector<Ref<WebBackForwardListItem>> itemsWithEntriesToClear;
</span></span></pre></div>
<a id="branchessafari611branchSourceWebKitUIProcessWebBackForwardCacheh"></a>
<div class="modfile"><h4>Modified: branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.h (278899 => 278900)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.h 2021-06-15 21:49:19 UTC (rev 278899)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/WebBackForwardCache.h    2021-06-15 21:49:24 UTC (rev 278900)
</span><span class="lines">@@ -53,6 +53,7 @@
</span><span class="cx">     void pruneToSize(unsigned);
</span><span class="cx">     void removeEntriesForProcess(WebProcessProxy&);
</span><span class="cx">     void removeEntriesForPage(WebPageProxy&);
</span><ins>+    void removeEntriesForPageAndProcess(WebPageProxy&, WebProcessProxy&);
</ins><span class="cx">     void removeEntriesForSession(PAL::SessionID);
</span><span class="cx"> 
</span><span class="cx">     void addEntry(WebBackForwardListItem&, std::unique_ptr<SuspendedPageProxy>&&);
</span></span></pre></div>
<a id="branchessafari611branchSourceWebKitUIProcessWebPageProxycpp"></a>
<div class="modfile"><h4>Modified: branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp (278899 => 278900)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp      2021-06-15 21:49:19 UTC (rev 278899)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2021-06-15 21:49:24 UTC (rev 278900)
</span><span class="lines">@@ -3240,6 +3240,13 @@
</span><span class="cx"> 
</span><span class="cx">             ASSERT(!destinationSuspendedPage || navigation->targetItem());
</span><span class="cx">             auto suspendedPage = destinationSuspendedPage ? backForwardCache().takeSuspendedPage(*navigation->targetItem()) : nullptr;
</span><ins>+
+            // It is difficult to get history right if we have several WebPage objects inside a single WebProcess for the same WebPageProxy. As a result, if we make sure to
+            // clear any SuspendedPageProxy for the current page that are backed by the destination process before we proceed with the navigation. This makes sure the WebPage
+            // we are about to create in the destination process will be the only one associated with this WebPageProxy.
+            if (!destinationSuspendedPage)
+                backForwardCache().removeEntriesForPageAndProcess(*this, processForNavigation);
+
</ins><span class="cx">             ASSERT(suspendedPage.get() == destinationSuspendedPage);
</span><span class="cx">             if (suspendedPage && suspendedPage->pageIsClosedOrClosing())
</span><span class="cx">                 suspendedPage = nullptr;
</span></span></pre></div>
<a id="branchessafari611branchToolsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-611-branch/Tools/ChangeLog (278899 => 278900)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-611-branch/Tools/ChangeLog       2021-06-15 21:49:19 UTC (rev 278899)
+++ branches/safari-611-branch/Tools/ChangeLog  2021-06-15 21:49:24 UTC (rev 278900)
</span><span class="lines">@@ -1,3 +1,54 @@
</span><ins>+2021-06-15  Alan Coon  <alancoon@apple.com>
+
+        Cherry-pick r278318. rdar://problem/79355222
+
+    REGRESSION (iOS 14.5): Can't go back and render previous page properly after "location.href"
+    https://bugs.webkit.org/show_bug.cgi?id=226323
+    <rdar://problem/78623536>
+    
+    Reviewed by Alex Christensen.
+    
+    Source/WebKit:
+    
+    A while back, we did an optimization to allow several WebPage objects associated with the
+    same WebPageProxy to live in the same WebProcess. This allowed us to reuse a process from
+    a SuspendedPageProxy for a forward navigation, without destroying the SuspendedPageProxy.
+    However, this added quite a bit of complexity and this broke some same-process back/forward
+    navigations like in this bug. In particular, it is really hard to get do our history
+    management right (with the current model) if there is more than more WebPage in a process
+    for the same WebPageProxy.
+    
+    To address issues, we go back to the older model with one WebPage per WebProcess for a
+    given WebPageProxy. To achieve this, we make sure to destroy of SuspendedPageProxy objects
+    for the current page and destination process before we process-swap (like we used to do).
+    
+    * UIProcess/WebBackForwardCache.cpp:
+    (WebKit::WebBackForwardCache::removeEntriesForPageAndProcess):
+    * UIProcess/WebBackForwardCache.h:
+    * UIProcess/WebPageProxy.cpp:
+    (WebKit::WebPageProxy::receivedNavigationPolicyDecision):
+    
+    Tools:
+    
+    New API test written by Alex Christensen to cover this case.
+    
+    * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@278318 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-06-01  Chris Dumez  <cdumez@apple.com>
+
+            REGRESSION (iOS 14.5): Can't go back and render previous page properly after "location.href"
+            https://bugs.webkit.org/show_bug.cgi?id=226323
+            <rdar://problem/78623536>
+
+            Reviewed by Alex Christensen.
+
+            New API test written by Alex Christensen to cover this case.
+
+            * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
</ins><span class="cx"> 2021-05-06  Russell Epstein  <repstein@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Cherry-pick r276983. rdar://problem/77581150
</span></span></pre></div>
<a id="branchessafari611branchToolsTestWebKitAPITestsWebKitCocoaProcessSwapOnNavigationmm"></a>
<div class="modfile"><h4>Modified: branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm (278899 => 278900)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm      2021-06-15 21:49:19 UTC (rev 278899)
+++ branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm 2021-06-15 21:49:24 UTC (rev 278900)
</span><span class="lines">@@ -3350,6 +3350,33 @@
</span><span class="cx">     EXPECT_EQ(2u, seenPIDs.size());
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+TEST(ProcessSwap, NavigateBackAfterCrossOriginClientRedirect)
+{
+    auto processPoolConfiguration = psonProcessPoolConfiguration();
+    auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);
+
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [webViewConfiguration setProcessPool:processPool.get()];
+    auto handler = adoptNS([[PSONScheme alloc] init]);
+    [handler addMappingFromURLString:@"pson://webkit.org/navigated_from" toData:"<a href='pson://apple.com/'>hello</a>"];
+    [handler addMappingFromURLString:@"pson://apple.com/" toData:"<script>window.location.href='pson://webkit.org/redirected_to'</script>redirecting..."];
+    [handler addMappingFromURLString:@"pson://webkit.org/redirected_to" toData:"<p>hello again</p>"];
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://webkit.org/navigated_from"]]];
+    [webView _test_waitForDidFinishNavigation];
+
+    [webView evaluateJavaScript:@"document.querySelector('a').click()" completionHandler:nil];
+    [webView _test_waitForDidFinishNavigation];
+    [webView _test_waitForDidFinishNavigation];
+    EXPECT_WK_STREQ([webView objectByEvaluatingJavaScript:@"window.location.href"], "pson://webkit.org/redirected_to");
+    [webView goBack];
+    [webView _test_waitForDidFinishNavigation];
+    EXPECT_WK_STREQ([webView objectByEvaluatingJavaScript:@"window.location.href"], "pson://webkit.org/navigated_from");
+}
+
</ins><span class="cx"> TEST(ProcessSwap, BackForwardCacheSkipBackForwardListItem)
</span><span class="cx"> {
</span><span class="cx">     auto processPoolConfiguration = psonProcessPoolConfiguration();
</span></span></pre>
</div>
</div>

</body>
</html>