Move existing kSitePerProcess checks to a policy-oracle object

content/browser/loader/resource_dispatcher_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
 
 #include "content/browser/loader/resource_dispatcher_host_impl.h"
 
 #include <algorithm>
 #include <set>
@@ skipping 59 matching lines @@
 #include "content/public/browser/global_request_id.h"
 #include "content/public/browser/plugin_service.h"
 #include "content/public/browser/resource_dispatcher_host_delegate.h"
 #include "content/public/browser/resource_request_details.h"
 #include "content/public/browser/resource_throttle.h"
 #include "content/public/browser/stream_handle.h"
 #include "content/public/browser/stream_info.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/process_type.h"
+#include "content/public/common/site_isolation_policy.h"
 #include "ipc/ipc_message_macros.h"
 #include "ipc/ipc_message_start.h"
 #include "net/base/auth.h"
 #include "net/base/load_flags.h"
 #include "net/base/mime_util.h"
 #include "net/base/net_errors.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_data_stream.h"
 #include "net/cert/cert_status_flags.h"
@@ skipping 1289 matching lines @@
   // CrossSiteResourceHandler is not needed. This codepath is not used for the
   // actual navigation request, but only the subsequent blob URL load. This does
   // not require request transfers.
   if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kEnableBrowserSideNavigation)) {
     // Install a CrossSiteResourceHandler for all main frame requests. This will
     // check whether a transfer is required and, if so, pause for the UI thread
     // to drive the transfer.
     bool is_swappable_navigation =
         request_data.resource_type == RESOURCE_TYPE_MAIN_FRAME;
-    // If we are using --site-per-process, install it for subframes as well.
+    // If out-of-process iframes are possible, then all subframe requests need
+    // to go through the CrossSiteResourceHandler to enforce the site isolation
+    // policy.
     if (!is_swappable_navigation &&
-        base::CommandLine::ForCurrentProcess()->HasSwitch(
-            switches::kSitePerProcess)) {
+        SiteIsolationPolicy::AreCrossProcessFramesPossible()) {
       is_swappable_navigation =
           request_data.resource_type == RESOURCE_TYPE_SUB_FRAME;
     }
     if (is_swappable_navigation && process_type == PROCESS_TYPE_RENDERER)
       handler.reset(new CrossSiteResourceHandler(handler.Pass(), request));
   }
 
   return AddStandardHandlers(request, request_data.resource_type,
                              resource_context, filter_->appcache_service(),
                              child_id, route_id, handler.Pass());
@@ skipping 949 matching lines @@
   if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
       && !policy->CanReadRawCookies(child_id)) {
     VLOG(1) << "Denied unauthorized request for raw headers";
     load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
   }
 
   return load_flags;
 }
 
 }  // namespace content