To fix the cross-site post submission bug.

content/browser/web_contents/web_contents_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/web_contents/web_contents_impl.h"
 
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/metrics/histogram.h"
@@ skipping 117 matching lines @@
 //   the ResourceDispatcherHost, who unpauses the response.  Data is then sent
 //   to the pending RVH.
 // - The pending renderer sends a FrameNavigate message that invokes the
 //   DidNavigate method.  This replaces the current RVH with the
 //   pending RVH.
 // - The previous renderer is kept swapped out in RenderViewHostManager in case
 //   the user goes back.  The process only stays live if another tab is using
 //   it, but if so, the existing frame relationships will be maintained.
 
 using webkit_glue::WebPreferences;
+using webkit_glue::ResourceRequestBody;
 
 namespace content {
 namespace {
 
 // Amount of time we wait between when a key event is received and the renderer
 // is queried for its state and pushed to the NavigationEntry.
 const int kQueryStateDelay = 5000;
 
 const int kSyncWaitDelay = 40;
 
@@ skipping 57 matching lines @@
   params->extra_headers = entry.extra_headers();
   params->transferred_request_child_id =
       entry.transferred_global_request_id().child_id;
   params->transferred_request_request_id =
       entry.transferred_global_request_id().request_id;
   params->is_overriding_user_agent = entry.GetIsOverridingUserAgent();
   // Avoid downloading when in view-source mode.
   params->allow_download = !entry.IsViewSourceMode();
   params->is_post = entry.GetHasPostData();
   if(entry.GetBrowserInitiatedPostData()) {
-      params->browser_initiated_post_data.assign(
-          entry.GetBrowserInitiatedPostData()->front(),
-          entry.GetBrowserInitiatedPostData()->front() +
-              entry.GetBrowserInitiatedPostData()->size());
-
+      params->browser_initiated_post_data =
+          entry.GetBrowserInitiatedPostData();
   }
 
   if (reload_type == NavigationControllerImpl::RELOAD_ORIGINAL_REQUEST_URL &&
       entry.GetOriginalRequestURL().is_valid() && !entry.GetHasPostData()) {
     // We may have been redirected when navigating to the current URL.
     // Use the URL the user originally intended to visit, if it's valid and if a
     // POST wasn't involved; the latter case avoids issues with sending data to
     // the wrong page.
     params->url = entry.GetOriginalRequestURL();
   } else {
@@ skipping 2617 matching lines @@
 
 void WebContentsImpl::DocumentOnLoadCompletedInMainFrame(
     RenderViewHost* render_view_host,
     int32 page_id) {
   NotificationService::current()->Notify(
       NOTIFICATION_LOAD_COMPLETED_MAIN_FRAME,
       Source<WebContents>(this),
       Details<int>(&page_id));
 }
 
-void WebContentsImpl::RequestOpenURL(RenderViewHost* rvh,
-                                     const GURL& url,
-                                     const Referrer& referrer,
-                                     WindowOpenDisposition disposition,
-                                     int64 source_frame_id,
-                                     bool is_cross_site_redirect) {
+void WebContentsImpl::RequestOpenURL(
+    RenderViewHost* rvh,
+    const GURL& url,
+    const Referrer& referrer,
+    WindowOpenDisposition disposition,
+    int64 source_frame_id,
+    bool is_cross_site_redirect,
+    std::string extra_header,
+    scoped_refptr<ResourceRequestBody> request_body) {
   // If this came from a swapped out RenderViewHost, we only allow the request
   // if we are still in the same BrowsingInstance.
   if (static_cast<RenderViewHostImpl*>(rvh)->is_swapped_out() &&
       !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) {
     return;
   }
 
   // Delegate to RequestTransferURL because this is just the generic
   // case where |old_request_id| is empty.
   RequestTransferURL(url, referrer, disposition, source_frame_id,
-                     GlobalRequestID(), is_cross_site_redirect);
+                     GlobalRequestID(), is_cross_site_redirect,
+                     extra_header, request_body);
 }
 
 void WebContentsImpl::RequestTransferURL(
     const GURL& url,
     const Referrer& referrer,
     WindowOpenDisposition disposition,
     int64 source_frame_id,
     const GlobalRequestID& old_request_id,
-    bool is_cross_site_redirect) {
+    bool is_cross_site_redirect,
+    std::string extra_header,
+    scoped_refptr<ResourceRequestBody> request_body) {
   WebContents* new_contents = NULL;
   PageTransition transition_type = PAGE_TRANSITION_LINK;
   if (render_manager_.web_ui()) {
     // When we're a Web UI, it will provide a page transition type for us (this
     // is so the new tab page can specify AUTO_BOOKMARK for automatically
     // generated suggestions).
     //
     // Note also that we hide the referrer for Web UI pages. We don't really
     // want web sites to see a referrer of "chrome://blah" (and some
     // chrome: URLs might have search terms or other stuff we don't want to
     // send to the site), so we send no referrer.
     OpenURLParams params(url, Referrer(), source_frame_id, disposition,
         render_manager_.web_ui()->GetLinkTransitionType(),
         false /* is_renderer_initiated */);
     params.transferred_global_request_id = old_request_id;
     new_contents = OpenURL(params);
     transition_type = render_manager_.web_ui()->GetLinkTransitionType();
   } else {
     OpenURLParams params(url, referrer, source_frame_id, disposition,
         PAGE_TRANSITION_LINK, true /* is_renderer_initiated */);
     params.transferred_global_request_id = old_request_id;
     params.is_cross_site_redirect = is_cross_site_redirect;
+    if(request_body != NULL) {

[Charlie Reis, 2012/11/20 05:46:03]

nit: Space after if.
nit: Don't need "!= NULL"

[irobert, 2012/11/22 01:37:00]

Done.

+      params.transition = content::PAGE_TRANSITION_FORM_SUBMIT;
+      params.extra_headers = extra_header;
+      params.browser_initiated_post_data = request_body;
+    }
     new_contents = OpenURL(params);
   }
   if (new_contents) {
     // Notify observers.
     FOR_EACH_OBSERVER(WebContentsObserver, observers_,
                       DidOpenRequestedURL(new_contents,
                                           url,
                                           referrer,
                                           disposition,
                                           transition_type,
@@ skipping 413 matching lines @@
 
 BrowserPluginGuest* WebContentsImpl::GetBrowserPluginGuest() {
   return browser_plugin_guest_.get();
 }
 
 BrowserPluginEmbedder* WebContentsImpl::GetBrowserPluginEmbedder() {
   return browser_plugin_embedder_.get();
 }
 
 }  // namespace content