-
arthursonzogni authored
This fixes https://crbug.com/796561 and adds a regression test. The issue was a race between the browser and renderer processes while updating the renderer's history. The renderer's history is updated in * RenderFrameImpl::CommitNavigation and in * RenderFrameImpl::DidCommitProvisionalLoad. ┌────────┐ ┌───────┐ │Renderer│ │Browser│ └───┬────┘ └───┬───┘ │ BeginNavigation │ │ - url=iframe.html │ │ - history_offset = 0 │ │ - history_length = 1 │ 1) │ ──────────────────────────> ┐ │ │ │ │ DidCommitProvisionalLoad │ │ │ - "pushState" │ │ │ - history_offset = 1 │ │ │ - history_length = 2 │ │ 2) │ ──────────────────────────> │ │ │ │ │ CommitNavigation │ │ │ - url=iframe.html │ │ │ - history_offset = 0 │ │ │ - history_length = 1 │ │ ┌─│ <───────────────────────────┘ │ │ │ │ │ DidCommitProvisionalLoad │ │ │ - url=iframe.hmtl │ │ │ - history_offset = 0 │ │ │ - history_length = 1 │ └>│ ──────────────────────────> ┌───┴────┐ ┌───┴───┐ │Renderer│ │Browser│ └────────┘ └───────┘ What happens in the bug. 1) An iframe is created: [history.offset = 0, history.size = 1]. 2) history.pushState: history is updated [offset = 1, size = 2]. 3) CommitNavigation is received, history is updated using the old values transmitted in 1) with BeginNavigation. This CL update the values sent in CommitNavigation. This reduce considerably the duration when the race can happen. Before this CL, the race could happen if a history.pushState is sent in between BeginNavigation and CommitNavigation (~300ms <-> severals seconds). After this CL, the race happens if the history.pushState is sent between when the CommitNavigation message is sent and when it is received by the renderer process. Bug: 796561 Change-Id: I7bf72fadbf9f4946da28126a394adddf051f49a8 Reviewed-on: https://chromium-review.googlesource.com/881171Reviewed-by:
Charlie Reis <creis@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#533233}
841b1d49
