Out of process Iframes from the Same Domain

948 views
Skip to first unread message

Deepal Jayasekara

unread,
Apr 27, 2018, 11:34:29 AM4/27/18
to Chromium-dev

As far as I understand, we can make iframes from 3rd party sites run on a different process using strict site isolation flag on chrome. We can set it as follows by from chrome://flags enter image description here


After this change and restart, I can see in Chrome Task Manager that subframes outside the parent page domain will have their own processes instead of sharing the parent process. (e.g, My parent page is run on localhost, and two of my iframes also run on localhost. But those two are not listed here because strict site isolation does not affect those)


enter image description here


But is there a way to make all iframes in a page out-of-process including iframes from the same domain? 

Appreciate if anybody can help me with this.

Thanks in advance.

Dominic Mazzoni

unread,
Apr 27, 2018, 11:56:46 AM4/27/18
to dpjaya...@gmail.com, Chromium-dev
The web allows different frames from the same origin to access each other synchronously, for example using an iframe's contentWindow and contentDocument properties. A lot of sites depend on that, so we couldn't force iframes into a different process without breaking a lot of the web.


--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/8d683267-c241-4248-9de2-41a1b402ea1a%40chromium.org.

Samuel Reed

unread,
Jan 30, 2019, 12:15:35 PM1/30/19
to Chromium-dev, dpjaya...@gmail.com
Is there a way to opt-in to this, i.e. I *want* a same-domain iframe to be OOP and have asynchronous communication?

Charlie Reis

unread,
Jan 30, 2019, 12:48:09 PM1/30/19
to samuel.t...@gmail.com, Chromium-dev, Deepal Jayasekara, Chromium Site Isolation
[+site-isolation-dev]

Currently there is no way to isolate same-site frames.  In the future, there are two opt-in things we are considering:
  • Allowing an origin to disable assignments to document.domain, in which case we might be able to isolate the origin (scheme, host, port) rather than the site (scheme, registered domain).  Related to https://crbug.com/904351, which is a pre-req.
  • Putting same-origin sandboxed iframes in a separate process.  See https://crbug.com/510122.
In both cases, we have to be careful about the impact to the process count in Chrome, so at best we're planning to experiment with it after a few other Site Isolation related launches.

Charlie


To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/0e1425a3-6bf5-4e52-b716-a5fb83871f34%40chromium.org.
Reply all
Reply to author
Forward
0 new messages