Nested cross-origin iframes don't load — mUseRemoteSubframes=false cascades to all child contexts

[rubenvereecken]

The problem

Cross-origin iframes inside other iframes don't load. The inner iframes exist in the DOM with correct src attributes, but never navigate — zero network requests. This breaks any site that nests a captcha inside a wrapper iframe (Imperva/hCaptcha, Turnstile in some configurations).

Flat pages work fine — hCaptcha renders perfectly at the top level. It's specifically iframes-within-iframes that fail.

Built a minimal reproduction: an HTML page that nests hCaptcha inside a same-origin iframe. Vanilla Playwright Firefox: works. Camoufox (any config, even fully stripped down): fails.

Root cause

disable-remote-subframes.patch (commit 8a1abfb) gates BrowsingContext::SetRemoteSubframes() behind MaskConfig::GetBool("enableRemoteSubframes"). Since that key is never set, mUseRemoteSubframes stays false in the top-level context.

The problem: there's a second write site the patch doesn't cover — CreateDetached() (line ~535):

context->mUseRemoteSubframes = inherit->mUseRemoteSubframes;

This copies directly from the parent, bypassing the setter. Every child context inherits false, cascading through all nesting levels. Combined with fission.autostart=true, Firefox is in an inconsistent state — Fission is "on" but all contexts have remote subframes disabled — and nested cross-origin iframes silently fail.

Proposed fix

The original patch was solving the right problem (#150 — Playwright can't click into OOPIFs). The goal was keeping iframes same-process while leaving COOP intact. webContentIsolationStrategy=0 achieves that more cleanly — ShouldIsolateSite() returns false for all content, so iframes stay same-process. But mUseRemoteSubframes stays true and propagates normally through CreateDetached(), so nested navigation works.

Strategy 0 vs 1 has no JS-observable difference — no DOM API, no window property, no timing side-channel. The "WAFs can detect this!" comment in camoufox.cfg annotates fission.autostart=true, not the strategy value. COOP handling, BFCache-in-parent, and fingerprint spoofing are all unaffected.

I've got a build with this change that passes all tests. Happy to submit a PR.

Related: #533 (earlier report of the same symptom)

[rubenvereecken]

Update: the strategy=0 fix works great for nested iframes. Built and tested — full hCaptcha solver pipeline running end-to-end inside Imperva's iframe challenge.

One related issue worth noting (may or may not be Camoufox-specific): when a page's JavaScript triggers a reload (e.g. window.location.reload()), the new document sometimes isn't fully tracked by Playwright/Juggler. page.content() returns the new HTML, but page.evaluate() queries a stale DOM — elements from the HTTP response aren't instantiated in the live DOM.

Happens specifically when Imperva's reese84 JS challenge completes and reloads to the captcha page. Our workaround: detect the stale state and force a Playwright-initiated page.reload(), which properly resets the document lifecycle. Adds ~8s when it triggers but works reliably.

Not sure if this is Camoufox-specific or a broader Playwright/Juggler limitation — haven't tested on vanilla Playwright Firefox yet. Happy to investigate further if useful.