Allow targeted links to work on tabs that have swapped out processes.

content/renderer/render_view_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_view_impl.h"
 
 #include <algorithm>
 #include <cmath>
 #include <string>
 #include <vector>
@@ skipping 2225 matching lines @@
                                      suggested_name));
   } else {
     OpenURL(frame, request.url(),
             Referrer(referrer, GetReferrerPolicyFromRequest(request)), policy);
   }
 }
 
 WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
     WebFrame* frame, const WebURLRequest& request, WebNavigationType type,
     const WebNode&, WebNavigationPolicy default_policy, bool is_redirect) {
-  // TODO(creis): Remove this when we fix OnSwapOut to not need a navigation.
+  Referrer referrer(
+      GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
+      GetReferrerPolicyFromRequest(request));
+
   if (is_swapped_out_) {
-    // It is possible for in-progress navigations to arrive here just after we
-    // are swapped out, including iframes.  We should cancel them.
-    if (request.url() != GURL(chrome::kSwappedOutURL))
+    if (request.url() != GURL(chrome::kSwappedOutURL)) {
+      // Targeted links may try to navigate a swapped out frame.  Allow the
+      // browser process to navigate the tab instead.  Note that it is also
+      // possible for non-targeted navigations (from this view) to arrive
+      // here just after we are swapped out.  It's ok to send them to the
+      // browser, as long as they're for the top level frame.
+      // TODO(creis): Ensure this supports targeted form submissions when
+      // fixing http://crbug.com/101395.
+      if (frame->parent() == NULL) {
+        OpenURL(frame, request.url(), referrer, default_policy);
+        return WebKit::WebNavigationPolicyIgnore;  // Suppress the load here.
+      }
+
+      // We should otherwise ignore in-process iframe navigations, if they
+      // arrive just after we are swapped out.
       return WebKit::WebNavigationPolicyIgnore;
+    }
 
     // Allow chrome::kSwappedOutURL to complete.
     return default_policy;
   }
 
   // Webkit is asking whether to navigate to a new URL.
   // This is fine normally, except if we're showing UI from one security
   // context and they're trying to navigate to a different context.
   const GURL& url = request.url();
 
   // A content initiated navigation may have originated from a link-click,
   // script, drag-n-drop operation, etc.
   bool is_content_initiated =
       DocumentState::FromDataSource(frame->provisionalDataSource())->
           navigation_state()->is_content_initiated();
 
   // Experimental:
   // If --enable-strict-site-isolation is enabled, send all top-level
   // navigations to the browser to let it swap processes when crossing site
   // boundaries.  This is currently expected to break some script calls and
   // navigations, such as form submissions.
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kEnableStrictSiteIsolation) &&
       !frame->parent() && (is_content_initiated || is_redirect)) {
     WebString origin_str = frame->document().securityOrigin().toString();
     GURL frame_url(origin_str.utf8().data());
     // TODO(cevans): revisit whether this origin check is still necessary once
     // crbug.com/101395 is fixed.
     if (frame_url.GetOrigin() != url.GetOrigin()) {
-      Referrer referrer(
-          GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
-          GetReferrerPolicyFromRequest(request));
       OpenURL(frame, url, referrer, default_policy);
       return WebKit::WebNavigationPolicyIgnore;
     }
   }
 
   // If the browser is interested, then give it a chance to look at top level
   // navigations.
   if (is_content_initiated) {
     bool browser_handles_top_level_requests =
         renderer_preferences_.browser_handles_top_level_requests &&
         IsNonLocalTopLevelNavigation(url, frame, type);
     if (browser_handles_top_level_requests ||
         renderer_preferences_.browser_handles_all_requests) {
-      Referrer referrer(
-          GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
-          GetReferrerPolicyFromRequest(request));
       // Reset these counters as the RenderView could be reused for the next
       // navigation.
       page_id_ = -1;
       last_page_id_sent_to_browser_ = -1;
       OpenURL(frame, url, referrer, default_policy);
       return WebKit::WebNavigationPolicyIgnore;  // Suppress the load here.
     }
   }
 
   // Detect when we're crossing a permission-based boundary (e.g. into or out of
@@ skipping 33 matching lines @@
       // with hosted apps and extensions than WebUI pages.  We will remove this
       // check when cross-process POST submissions are supported.
       if (request.httpMethod() == "GET") {
         bool is_initial_navigation = page_id_ == -1;
         should_fork = content::GetContentClient()->renderer()->ShouldFork(
             frame, url, is_initial_navigation, &send_referrer);
       }
     }
 
     if (should_fork) {
-      Referrer referrer(
-          GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
-          GetReferrerPolicyFromRequest(request));
       OpenURL(
           frame, url, send_referrer ? referrer : Referrer(), default_policy);
       return WebKit::WebNavigationPolicyIgnore;  // Suppress the load here.
     }
   }
 
   // Use the frame's original request's URL rather than the document's URL for
   // this check.  For a popup, the document's URL may become the opener window's
   // URL if the opener has called document.write.  See http://crbug.com/93517.
   GURL old_url(frame->dataSource()->request().url());
@@ skipping 2828 matching lines @@
 bool RenderViewImpl::WebWidgetHandlesCompositorScheduling() const {
   return !!RenderThreadImpl::current()->compositor_thread();
 }
 
 void RenderViewImpl::OnJavaBridgeInit() {
   DCHECK(!java_bridge_dispatcher_.get());
 #if defined(ENABLE_JAVA_BRIDGE)
   java_bridge_dispatcher_.reset(new JavaBridgeDispatcher(this));
 #endif
 }