WebView loadDataWithBaseURL() was determined as a same page navigation

WebView loadDataWithBaseURL() was determined as a same page navigation

In WebView, if loadDataWithBaseURL() is called with null or non-data
baseUrl consequently, previous historyUrl and new baseUrl is compared
to detemine a same page navigation. To be consistent with others, we
need to use the new URL for the comparison, but it isn't clear what
should be URL for loadDataWithBaseURL().

In this patch, we assume loadDataWithBaseURL() does not make a same page
navigation always to be compatible in most API usages.

BUG=662823

[Takashi Toyoshima, 2016-11-25 09:47:43]

The CQ bit was checked by toyoshim@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-25 09:47:54]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-25 11:02:02]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-25 11:02:03]

Dry run: This issue passed the CQ dry run.

[Takashi Toyoshima, 2016-11-25 11:53:26]

Description was changed from

==========
WebView loadDataWithBaseURL() was determined as a same page navigation

In WebView, if loadDataWithBaseURL() is called with null or non-data
baseUrl consequently, previous historyUrl and new baseUrl is compared
to detemine a same page navigation. To be consistent with others, we
need to use the new URL for the comparison, but it isn't clear what
should be URL for loadDataWithBaseURL().

In this patch, we assume loadDataWithBaseURL() does not make a same page
navigation always to be compatible in most API usages.

BUG=662823
==========

to

==========
WebView loadDataWithBaseURL() was determined as a same page navigation

In WebView, if loadDataWithBaseURL() is called with null or non-data
baseUrl consequently, previous historyUrl and new baseUrl is compared
to detemine a same page navigation. To be consistent with others, we
need to use the new URL for the comparison, but it isn't clear what
should be URL for loadDataWithBaseURL().

In this patch, we assume loadDataWithBaseURL() does not make a same page
navigation always to be compatible in most API usages.

BUG=662823
==========

[Takashi Toyoshima, 2016-11-25 11:53:26]

toyoshim@chromium.org changed reviewers:
+ creis@chromium.org, torne@chromium.org

[Takashi Toyoshima, 2016-11-25 11:54:56]

Hi, can you take a look?

creis@ do you think this is a right fix in terms of navigation?

trone@ is this approach fine with WebView?

[Torne, 2016-11-28 11:48:57]

This LGTM from a WebView perspective; this just means webview will be back to
the old state (no scroll/etc restoration) when using loadDataWithBaseURL,
correct?

[Torne, 2016-11-28 11:48:57]

This LGTM from a WebView perspective; this just means webview will be back to
the old state (no scroll/etc restoration) when using loadDataWithBaseURL,
correct?

[Charlie Reis, 2016-11-28 20:07:26]

creis@chromium.org changed reviewers:
+ dcheng@chromium.org

[Charlie Reis, 2016-11-28 20:07:27]

[+dcheng]

Sorry, I'm out of my depth here (and not an owner in Blink).  I would defer to
Nate but he's out on leave.  Daniel, are you able to review this?

In general, I tend to not care too much about loadDataWithBaseURL fixes if they
pass the tests, but we should understand whether this affects other cases or
not.  (It does feel like this is a feature that desperately needs refactoring,
but I certainly won't ask for that in this CL.)

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/loader/FrameLoader.cpp (right):

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/FrameLoader.cpp:942: //
TODO(crbug.com/662823): WebFrameLoaderImpl::loadData() sets baseUrl for
Can you clarify what still needs to be done here?  I would also suggest filing a
separate bug for it, since I expect that we'll be closing 662823 when this CL
lands.

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/FrameLoader.cpp:945: bool
isDataUrlWithEmulatedBaseUrl = request.substituteData().isValid();
nit: isDataUrlWithBaseUrl seems like it would be more consistent with the API
name.

I'm mildly concerned that checking for this via substituteData might affect more
cases than just loadDataWithBaseURL.  I'm not familiar with what SubstituteData
is used for, so I can't say.

[dcheng, 2016-11-28 20:12:55]

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/loader/FrameLoader.cpp (right):

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/FrameLoader.cpp:945: bool
isDataUrlWithEmulatedBaseUrl = request.substituteData().isValid();
I echo Charlie's concern here: is this actually selective to only the data URL
with base URL case? I see SubstituteData() created in a number of other places
(https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/fetch/Sub...),
so it's not clear to me that this filtering is selective enough (or maybe it is,
but needs comments to explain why)

[Takashi Toyoshima, 2016-11-29 09:13:33]

I filed a new bug crbug.com/669408 as creis@ suggested.
Torne, can you join the thread?

The WebView document looks a little unclear to me in following points.

- What the page URL should be? Same URL with baseUrl, or encoded content in a
data URL format?
- The last note the baseUrl is sent as a referer seems to imply baseUrl is used
for URL.

Without understanding this, I could not say what is the right fix here actually.

[Takashi Toyoshima, 2016-11-29 09:39:36]

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/loader/FrameLoader.cpp (right):

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/FrameLoader.cpp:942: //
TODO(crbug.com/662823): WebFrameLoaderImpl::loadData() sets baseUrl for
Filed a new bug, crbug.com/669408.

Actually, this comment wasn't enough to explain everything. Sorry for that.

As I told torne@, WebView spec looks a little unclear to me. The document does
not explain what should be the page URL for this API. Since we need the page URL
to detect the same page navigation correctly, I just tried to exclude all
loadDataWithBaseURL() cases from the same page navigation in this patch as a
workaround.

If the URL should be the same URL with baseUrl, current behavior should be a
right expected one.

If the URL should be encoded content in a data URL format, we may need
exceptional code to send the baseURL as a referer for this WebView API.

IMO, assuming baseUrl as a page URL sounds more reasonable.

https://codereview.chromium.org/2531013002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/FrameLoader.cpp:945: bool
isDataUrlWithEmulatedBaseUrl = request.substituteData().isValid();
Agreed.
Probably, we should discuss what is the right behavior first.

Then, if we decided to handle loadDataWithBaseURL() cases in a special way like
this, I'd introduce an explicit flag in the SubstituteData() to say this content
is generated by loadDataWithBaseURL().

[Torne, 2016-11-29 13:53:58]

On 2016/11/29 09:13:33, toyoshim wrote:
> I filed a new bug crbug.com/669408 as creis@ suggested.
> Torne, can you join the thread?
> 
> The WebView document looks a little unclear to me in following points.
> 
> - What the page URL should be? Same URL with baseUrl, or encoded content in a
> data URL format?
> - The last note the baseUrl is sent as a referer seems to imply baseUrl is
used
> for URL.
> 
> Without understanding this, I could not say what is the right fix here
actually.

I don't know what you mean by "page URL" in this context, and the only reference
to know what the expected behaviour is supposed to be is probably "whatever
webview currently does" - webview's API needs to be compatible with the
behaviour of older versions in general because we have no real way to know what
details applications are relying on.

I'm not sure what else I can answer without more specific context for what you
mean, sorry.

[Takashi Toyoshima, 2016-11-30 06:24:56]

IMO, Blink should not make much efforts to keep minor old behaviors that are not
defined in the spec or documented well, especially when it just relied on
(wrong) implementation. Also if users are less than 0.03%, we can consider to
drop it.

The page URL I mentioned here is the |URL| that the navigation spec uses;
https://www.w3.org/TR/html5/browsers.html#browsing-the-web

In current implementation loadDataWithBaseURL() sets the baseUrl to the page URL
even though baseUrl and URL are different concept. Unfortunately, the Android
document says this baseUrl is used as HTTP referer. This is incompatible with
the web, and I guess it just excuses its wrong implementation, setting baseUrl
to the page URL results in using it as HTTP referer. For instance, in the page
loaded by loadDataWithBaseURL(), location.href will return the baseUrl, right?
But if you want to set only baseUrl, it should affect only document.baseURI. It
should not change location.href, and HTTP referer. I'm not sure if this is the
original behavior or a bug introduced when it switched to use Blink.

[Torne, 2016-11-30 10:22:10]

On 2016/11/30 06:24:56, toyoshim wrote:
> IMO, Blink should not make much efforts to keep minor old behaviors that are
not
> defined in the spec or documented well, especially when it just relied on
> (wrong) implementation.

By "minor old behaviour" do you mean the scroll restoration behaviour
specifically? That's something we had a developer file a bug about, which is a
good sign it may be a compatibility concern for WebView. We don't have an easy
way to determine whether this is actually minor or not for the ecosystem at
large :/

> Also if users are less than 0.03%, we can consider to
> drop it.

WebView has no way to gather metrics, and it's not clear how we would measure
usage of this anyway - how would we know when we'd hit the problematic case?

> The page URL I mentioned here is the |URL| that the navigation spec uses;
> https://www.w3.org/TR/html5/browsers.html#browsing-the-web
> 
> In current implementation loadDataWithBaseURL() sets the baseUrl to the page
URL
> even though baseUrl and URL are different concept. Unfortunately, the Android
> document says this baseUrl is used as HTTP referer. This is incompatible with
> the web, and I guess it just excuses its wrong implementation, setting baseUrl
> to the page URL results in using it as HTTP referer. For instance, in the page
> loaded by loadDataWithBaseURL(), location.href will return the baseUrl, right?
> But if you want to set only baseUrl, it should affect only document.baseURI.
It
> should not change location.href, and HTTP referer. I'm not sure if this is the
> original behavior or a bug introduced when it switched to use Blink.

You're overlooking a much more important effect of the base URL, which is that
it's used as the actual page origin for security purposes. Just setting
document.baseURI wouldn't work at all.

The purpose of loadDataWithBaseURL is to be able to load a chunk of data the app
already has as if it were a page loaded from a real HTTP location. This means it
has to have the correct origin (for example, to allow XMLHttpRequest to the real
webserver), relative URLs have to be loaded relative to that URL, the referrer
for embedded resources must be that URL (in case the site has referrer-based
access control), and for consistency it does make sense that location.href is
also that URL. A better name for this API might have been
"loadFakeDataForRealURL(String realURL, String data, ...)", to avoid confusing
things with document.baseURI. This is certainly how applications use it and
expect it to work.

I'm not sure what you mean here by "wrong implementation", and I'm fairly sure
this was always the behaviour of WebView - however even if it wasn't, the
Chromium WebView has now been out there in the wild for sufficiently long that
there apps that *also* depend on any behaviours we accidentally changed in the
transition, and so even inconsistency with the pre-chromium WebView isn't
necessarily an automatic pass to change behaviour.

[Takashi Toyoshima, 2016-11-30 10:36:03]

> You're overlooking a much more important effect of the base URL, which is that
> it's used as the actual page origin for security purposes. Just setting
> document.baseURI wouldn't work at all.

So it isn't baseUrl any more. What the API actually provides is to set the page
URL. That's what I asked. API name and document say it's baseUrl, but it's the
URL in the real implementation. If we want to respect actual implementation and
behaviors, we can assume baseUrl as a page URL.

[Torne, 2016-11-30 10:47:55]

On 2016/11/30 10:36:03, toyoshim wrote:
> > You're overlooking a much more important effect of the base URL, which is
that
> > it's used as the actual page origin for security purposes. Just setting
> > document.baseURI wouldn't work at all.
> 
> So it isn't baseUrl any more. What the API actually provides is to set the
page
> URL. That's what I asked. API name and document say it's baseUrl, but it's the
> URL in the real implementation. If we want to respect actual implementation
and
> behaviors, we can assume baseUrl as a page URL.

Do I understand correctly that the page URL being the same is what normally
determines a same page navigation though? So wouldn't that mean that the case
the bug was about would still restore the scroll position?

Maybe it's not really loadDataWithBaseURL that's the actual issue with scroll
restoration, thinking about it :/
The problem in the bug is that the developer doesn't care about the URL at all
(and so just passes null), and expects that because the data has changed it will
be treated as a fresh page load. If there was a real URL being used, though,
then I'm not sure it would be surprising for two calls with the same URL to be
treated as a same-page navigation.

Maybe the actual issue is that the use case of "about:blank used as a starting
point to inject arbitrary content from external code" (which you can do with
iframes on regular web content as well, no? this isn't specific to webview) is a
special case to begin with?

[Takashi Toyoshima, 2016-11-30 10:51:53]

I checked an old API document from SDK 1.0r2, and am a bit confused actually.

> void loadDataWithBaseURL (String baseUrl, String data, String mimeType, String
encoding, String failUrl);
>
> (snip) The base URL is the URL that represents the page that is loaded through
this interface. As such, it is used for the history entry and to resolve any
relative URLs.

But current document says

> void loadDataWithBaseURL (String baseUrl, String data, String mimeType, String
encoding, String historyUrl);

So it seems definition of the last String argument was changed at some points. I
can read the original document as the baseUrl is virtually assumed as a page
URL, and it should be used for the history, too. But recent API document does
not say it, and last argument was just changed to set the history URL instead of
using baseUrl.

This explains why Blink set the historyUrl to failUrl internally. What's the
expected implementation/behavior here? Does this work correctly as documents
say?

[Torne, 2016-11-30 10:55:43]

On 2016/11/30 10:51:53, toyoshim wrote:
> I checked an old API document from SDK 1.0r2, and am a bit confused actually.
> 
> > void loadDataWithBaseURL (String baseUrl, String data, String mimeType,
String
> encoding, String failUrl);
> >
> > (snip) The base URL is the URL that represents the page that is loaded
through
> this interface. As such, it is used for the history entry and to resolve any
> relative URLs.

Such an old SDK doesn't really matter to anything now. Any behaviour that dates
back to before around SDK 9 (gingerbread) isn't likely to be relevant, as
developers haven't been targeting such old versions for a long time, and so the
behaviour on more recent versions is the "canonical" behaviour.

> But current document says
> 
> > void loadDataWithBaseURL (String baseUrl, String data, String mimeType,
String
> encoding, String historyUrl);
> 
> So it seems definition of the last String argument was changed at some points.
I
> can read the original document as the baseUrl is virtually assumed as a page
> URL, and it should be used for the history, too. But recent API document does
> not say it, and last argument was just changed to set the history URL instead
of
> using baseUrl.
> 
> This explains why Blink set the historyUrl to failUrl internally. What's the
> expected implementation/behavior here? Does this work correctly as documents
> say?

The expected behaviour is whatever WebView does, as I said - that's how app
compatibility has to work. I don't think WebView's behaviour here has actually
changed for a long time, and I'm fairly sure the pre-chromium webview behaved
the same way here. Whether it matches the documentation is much less important
and we would typically fix the documentation in cases where the behaviour has
been different for a long enough time that apps are relying on it.

[Torne, 2016-11-30 10:57:46]

The current function signature and documentation have been there since at least
Froyo (the oldest version I can easily check), so yeah, any previous version is
totally irrelevant and it doesn't seem likely that the behaviour has actually
changed in any significant way since Froyo.

[Takashi Toyoshima, 2016-11-30 11:21:51]

Re#19

Regardless of my CL, reported case has been assumed as a same page navigation in
Blink.
That's why my CL affects this case as a result of expected behavior change. It's
same with the case a page is reloaded, and scroll position is restored though
content is modified.

> If there was a real URL being used, though, then I'm not sure it would be
surprising for two calls with the same URL to be treated as a same-page
navigation.

Actually we have detected such cases as a same-page navigation from the WebKit
era, though same page navigation's behaviors were different from today.
But to solve such cache problems, we have a cache control protocol in HTTP. It
does not have a power for data URL, but in case of data URL, the URL can be
changed if content is changed. That's equivalent to assign a unique ID for each
unique content, and work fine to avoid being cached.

If I am a user, I'd call loadData() with an arbitrary content with <base> tag to
specify the base URL. But it does not overwrite CORS checks. So, if a user uses
loadDataWithBaseURL() to bypass the CORS check, it won't work.
For iframe case, we have some alternatives, e.g. encoding arbitrary content into
data URL, calling URL.createObjectURL for generated Blob/ArrayBuffer/etc. But we
can not bypass CORS check of course for security.

[Takashi Toyoshima, 2016-11-30 12:12:57]

Re #21
> The expected behaviour is whatever WebView does, as I said - that's how app
> compatibility has to work

So do you have a chance to update the API document correctly to match with
actual implementation?
Also, can you have metrics in the future to discuss this kind of problems
productively?

Blink developers could not pay much attentions to keep undocumented behaviors
for a long period only for WebView.
We always need large code changes to improve the web, adding features,
optimizing speed, and so on. It may change old behaviors unexpectedly.
Or we may even intentionally make changes to fix wrong/bad/inconsistent/etc
things or to be aligned with other browsers.
So ideally, we need a spec and layout/unit tests in Blink if something should
not be changed.

I feel the goal and priority are different between Blink and WebView. That's
acceptable, and we both have enough reasons.
But IMO, moving forward with minimum compatibility breaks is better than
sticking old behaviors. That had been web developers' dream until some years
ago.

[Torne, 2016-11-30 14:08:21]

On 2016/11/30 11:21:51, toyoshim wrote:
> Re#19
> 
> Regardless of my CL, reported case has been assumed as a same page navigation
in
> Blink.
> That's why my CL affects this case as a result of expected behavior change.
It's
> same with the case a page is reloaded, and scroll position is restored though
> content is modified.

Yes, I understand that - the issue is that before your CL it didn't matter to
the developer whether it was treated as a same page navigation in Blink or not,
because there wasn't any observable behaviour difference, but now with your CL
it makes a difference.

> > If there was a real URL being used, though, then I'm not sure it would be
> surprising for two calls with the same URL to be treated as a same-page
> navigation.
> 
> Actually we have detected such cases as a same-page navigation from the WebKit
> era, though same page navigation's behaviors were different from today.
> But to solve such cache problems, we have a cache control protocol in HTTP. It
> does not have a power for data URL, but in case of data URL, the URL can be
> changed if content is changed. That's equivalent to assign a unique ID for
each
> unique content, and work fine to avoid being cached.

I don't think you understand what I meant here, as I'm not sure how your
response relates. What I meant is that in the case of a sequence like:
loadDataWithBaseUrl("http://foo.com", data, ...);
loadDataWithBaseUrl("http://foo.com", different_data, ...);
it probably *is* fine that the scroll/zoom are restored, and probably even
actively desirable in some cases, because this *is* semantically like reloading
the page from the server and just getting different content.

The case that seems like a problem is *just* the case where the URL is null
(about:blank) because that doesn't really seem like it's actually a same-page
navigation in any meaningful way - there's no reason to really assume that the
page is related in any way if it's just arbitrary content injected into
about:blank.

This is just me musing about what the behaviour should actually be here.. I'm
just wondering what you think.

> If I am a user, I'd call loadData() with an arbitrary content with <base> tag
to
> specify the base URL. But it does not overwrite CORS checks. So, if a user
uses
> loadDataWithBaseURL() to bypass the CORS check, it won't work.
> For iframe case, we have some alternatives, e.g. encoding arbitrary content
into
> data URL, calling URL.createObjectURL for generated Blob/ArrayBuffer/etc. But
we
> can not bypass CORS check of course for security.

Sure, but the embedder in WebView is already all-powerful (they can also
substitute the contents of any network request), so letting them do things like
"load content generated by the app in such a way that it can still make XHRs to
the app's corresponding API server" (which is indeed "bypass CORS" when you look
at it) seems reasonable.

[Torne, 2016-11-30 14:19:32]

On 2016/11/30 12:12:57, toyoshim wrote:
> Re #21
> > The expected behaviour is whatever WebView does, as I said - that's how app
> > compatibility has to work
> 
> So do you have a chance to update the API document correctly to match with
> actual implementation?

Yes, when we find problems we update the API documentation. This sounds like it
would indeed be a good idea to go back and verify what various expected
behaviour of loadDataWithBaseURL actually is by looking at how it works and has
worked in past versions, and clarify the documentation to describe the behaviour
more accurately. I've filed crbug.com/669885 to track this.

> Also, can you have metrics in the future to discuss this kind of problems
> productively?

This hasn't been possible due to the way WebView is embedded in other
applications (privacy/security concerns, lack of any guaranteed network access,
etc) - we are looking into it at present and but aren't currently sure on what
timeline we'll be able to start gathering UMA metrics. Even if we had this
capability, however, it's really unclear to me what metric we would look at to
make a decision about the issue we're talking about here: how can metrics know
whether things that look like same-page navigations were intended to be treated
that way or not?

> Blink developers could not pay much attentions to keep undocumented behaviors
> for a long period only for WebView.
> We always need large code changes to improve the web, adding features,
> optimizing speed, and so on. It may change old behaviors unexpectedly.
> Or we may even intentionally make changes to fix wrong/bad/inconsistent/etc
> things or to be aligned with other browsers.
> So ideally, we need a spec and layout/unit tests in Blink if something should
> not be changed.
> 
> I feel the goal and priority are different between Blink and WebView. That's
> acceptable, and we both have enough reasons.
> But IMO, moving forward with minimum compatibility breaks is better than
> sticking old behaviors. That had been web developers' dream until some years
> ago.

I understand that Android's conservative approach to API compatibility is a
problem, and we frequently *do* ship changes to WebView that are compatibility
breaks when the evidence suggests that the impact on the ecosystem is minor, or
at least much smaller than the benefits. When I originally reviewed your CL I
tried to explain that the current situation was a possible outcome: that the
behavioural change caused by your CL might result in bug reports from WebView
developers and that if that happened, we may have to reconsider the change. We
aren't yet in a position to come to a really firm conclusion about whether this
change is too much of a compatibility break or not - M55 hasn't been shipped to
stable, and we are unfortunately aware that we get much less feedback in beta
than we would like.

We're not going to block launching M55 on fixing this, but once M55 goes to
stable it's possible we will receive more reports of apps that are negatively
affected.

I really don't know what the best thing to do here is. It seems to me that
scroll position restoration in the case of the baseURL and historyURL being
about:blank (i.e. null) is actually surprising and unlikely to be what any
developer actually wants. In the case of the URL being a real URL, I think it's
a much more open question..

[dcheng, 2016-12-02 19:17:14]

On 2016/11/30 14:19:32, Torne wrote:
> On 2016/11/30 12:12:57, toyoshim wrote:
> > Re #21
> > > The expected behaviour is whatever WebView does, as I said - that's how
app
> > > compatibility has to work
> > 
> > So do you have a chance to update the API document correctly to match with
> > actual implementation?
> 
> Yes, when we find problems we update the API documentation. This sounds like
it
> would indeed be a good idea to go back and verify what various expected
> behaviour of loadDataWithBaseURL actually is by looking at how it works and
has
> worked in past versions, and clarify the documentation to describe the
behaviour
> more accurately. I've filed crbug.com/669885 to track this.
> 
> > Also, can you have metrics in the future to discuss this kind of problems
> > productively?
> 
> This hasn't been possible due to the way WebView is embedded in other
> applications (privacy/security concerns, lack of any guaranteed network
access,
> etc) - we are looking into it at present and but aren't currently sure on what
> timeline we'll be able to start gathering UMA metrics. Even if we had this
> capability, however, it's really unclear to me what metric we would look at to
> make a decision about the issue we're talking about here: how can metrics know
> whether things that look like same-page navigations were intended to be
treated
> that way or not?
> 
> > Blink developers could not pay much attentions to keep undocumented
behaviors
> > for a long period only for WebView.
> > We always need large code changes to improve the web, adding features,
> > optimizing speed, and so on. It may change old behaviors unexpectedly.
> > Or we may even intentionally make changes to fix wrong/bad/inconsistent/etc
> > things or to be aligned with other browsers.
> > So ideally, we need a spec and layout/unit tests in Blink if something
should
> > not be changed.
> > 
> > I feel the goal and priority are different between Blink and WebView. That's
> > acceptable, and we both have enough reasons.
> > But IMO, moving forward with minimum compatibility breaks is better than
> > sticking old behaviors. That had been web developers' dream until some years
> > ago.
> 
> I understand that Android's conservative approach to API compatibility is a
> problem, and we frequently *do* ship changes to WebView that are compatibility
> breaks when the evidence suggests that the impact on the ecosystem is minor,
or
> at least much smaller than the benefits. When I originally reviewed your CL I
> tried to explain that the current situation was a possible outcome: that the
> behavioural change caused by your CL might result in bug reports from WebView
> developers and that if that happened, we may have to reconsider the change. We
> aren't yet in a position to come to a really firm conclusion about whether
this
> change is too much of a compatibility break or not - M55 hasn't been shipped
to
> stable, and we are unfortunately aware that we get much less feedback in beta
> than we would like.
> 
> We're not going to block launching M55 on fixing this, but once M55 goes to
> stable it's possible we will receive more reports of apps that are negatively
> affected.
> 
> I really don't know what the best thing to do here is. It seems to me that
> scroll position restoration in the case of the baseURL and historyURL being
> about:blank (i.e. null) is actually surprising and unlikely to be what any
> developer actually wants. In the case of the URL being a real URL, I think
it's
> a much more open question..

So I agree with toyoshim: we should rename/clarify the Blink API to make it
clear that we're supporting a WebView hack and what the hack is. It wasn't clear
to me that this is used to support spoofing an origin.

Horrible suggestion for fix:
When null is passed as the base URL / history URL, generate a random URL to use
instead =P

[Torne, 2016-12-05 14:49:14]

On 2016/12/02 19:17:14, dcheng wrote:
> So I agree with toyoshim: we should rename/clarify the Blink API to make it
> clear that we're supporting a WebView hack and what the hack is. It wasn't
clear
> to me that this is used to support spoofing an origin.

Probably a good idea if WebView is the only client of this Blink API.

> Horrible suggestion for fix:
> When null is passed as the base URL / history URL, generate a random URL to
use
> instead =P

That would probably be a *more* significant compatibility break, unfortunately
:)

[dcheng, 2016-12-05 18:24:31]

On 2016/12/05 14:49:14, Torne wrote:
> On 2016/12/02 19:17:14, dcheng wrote:
> > So I agree with toyoshim: we should rename/clarify the Blink API to make it
> > clear that we're supporting a WebView hack and what the hack is. It wasn't
> clear
> > to me that this is used to support spoofing an origin.
> 
> Probably a good idea if WebView is the only client of this Blink API.
> 
> > Horrible suggestion for fix:
> > When null is passed as the base URL / history URL, generate a random URL to
> use
> > instead =P
> 
> That would probably be a *more* significant compatibility break, unfortunately
> :)

Why? If the caller is passing in null, why do they care what the base URL is?

[Torne, 2016-12-05 18:26:02]

On 2016/12/05 18:24:31, dcheng wrote:
> On 2016/12/05 14:49:14, Torne wrote:
> > On 2016/12/02 19:17:14, dcheng wrote:
> > > So I agree with toyoshim: we should rename/clarify the Blink API to make
it
> > > clear that we're supporting a WebView hack and what the hack is. It wasn't
> > clear
> > > to me that this is used to support spoofing an origin.
> > 
> > Probably a good idea if WebView is the only client of this Blink API.
> > 
> > > Horrible suggestion for fix:
> > > When null is passed as the base URL / history URL, generate a random URL
to
> > use
> > > instead =P
> > 
> > That would probably be a *more* significant compatibility break,
unfortunately
> > :)
> 
> Why? If the caller is passing in null, why do they care what the base URL is?

The docs say that passing in null defaults to "about:blank", so an app may well
rely on this.

[dcheng, 2016-12-05 18:27:49]

On 2016/12/05 18:26:02, Torne wrote:
> On 2016/12/05 18:24:31, dcheng wrote:
> > On 2016/12/05 14:49:14, Torne wrote:
> > > On 2016/12/02 19:17:14, dcheng wrote:
> > > > So I agree with toyoshim: we should rename/clarify the Blink API to make
> it
> > > > clear that we're supporting a WebView hack and what the hack is. It
wasn't
> > > clear
> > > > to me that this is used to support spoofing an origin.
> > > 
> > > Probably a good idea if WebView is the only client of this Blink API.
> > > 
> > > > Horrible suggestion for fix:
> > > > When null is passed as the base URL / history URL, generate a random URL
> to
> > > use
> > > > instead =P
> > > 
> > > That would probably be a *more* significant compatibility break,
> unfortunately
> > > :)
> > 
> > Why? If the caller is passing in null, why do they care what the base URL
is?
> 
> The docs say that passing in null defaults to "about:blank", so an app may
well
> rely on this.

A top-level about:blank page effectively has unique origin... but I suppose it
will be observable via document.URL.

I'm finding that the restrictions imposed by the WebView API are quite
burdensome to devising a satisfactory solution to this bug...

[Torne, 2016-12-06 12:25:26]

On 2016/12/05 18:27:49, dcheng wrote:
> A top-level about:blank page effectively has unique origin... but I suppose it
> will be observable via document.URL.

The fact that a top-level about:blank page effectively has unique origin is why
I proposed it doesn't seem entirely unreasonable to *not* treat that case as a
same-page navigation and not restore the scroll/zoom, because either the
about:blank pages are actually blank in which case the scroll/zoom aren't really
significant anyway, or they've had content injected into them via some mechanism
at which point that content is.. probably different content.

Is that too special a special case, or does that seem reasonable? I'm not sure
whether I really like this idea or not.

> I'm finding that the restrictions imposed by the WebView API are quite
> burdensome to devising a satisfactory solution to this bug...

Yes, unfortunately the WebView API here evolved around a pretty ad hoc set of
app requirements and has weird defaults :(

Since we've only had one bug about this even though it's been released to stable
for some weeks already, it may be okay to just not change anything here if
there's no logical/consistent way to avoid this case. toyoshim@ is pinging the
bug to ask the reporter if this was a "real" app that was broken or just a test
case, and whether it's a problem to just specify different URLs.

[Takashi Toyoshima, 2016-12-06 12:40:44]

Thank you for discussing here.

Yes, I want to know if this can cause a real problem and users can not find any
workaround or not.
If this is not a real issue, I'd close this problem as WontFix (works as
intended).

[Takashi Toyoshima, 2016-12-09 05:59:25]

We haven't received any updates from the original reporter.
So, I closed the report as WontFix because in terms of spec and implementation,
this could be assumed as an intentional behavior change.