PlzNavigate: clear pending entry on aborted navigations

content/browser/frame_host/navigator_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/navigator_impl.h"
 
 #include <utility>
 
 #include "base/metrics/histogram.h"
 #include "base/time/time.h"
@@ skipping 186 matching lines @@
 
     // We used to cancel the pending renderer here for cross-site downloads.
     // However, it's not safe to do that because the download logic repeatedly
     // looks for this WebContents based on a render ID. Instead, we just
     // leave the pending renderer around until the next navigation event
     // (Navigate, DidNavigate, etc), which will clean it up properly.
     //
     // TODO(creis): Find a way to cancel any pending RFH here.
   }
 
-  // Racy conditions can cause a fail message to arrive after its corresponding
-  // pending entry has been replaced by another navigation. If
-  // |DiscardPendingEntry| is called in this case, then the completely valid
-  // entry for the new navigation would be discarded. See crbug.com/513742. To
-  // catch this case, the current pending entry is compared against the current
-  // navigation handle's entry id, which should correspond to the failed load.
-  NavigationHandleImpl* handle = render_frame_host->navigation_handle();
-  NavigationEntry* pending_entry = controller_->GetPendingEntry();
-  bool pending_matches_fail_msg =
-      handle && pending_entry &&
-      handle->pending_nav_entry_id() == pending_entry->GetUniqueID();
-  if (pending_matches_fail_msg) {
-    // We usually clear the pending entry when it fails, so that an arbitrary
-    // URL isn't left visible above a committed page. This must be enforced
-    // when the pending entry isn't visible (e.g., renderer-initiated
-    // navigations) to prevent URL spoofs for in-page navigations that don't go
-    // through DidStartProvisionalLoadForFrame.
-    //
-    // However, we do preserve the pending entry in some cases, such as on the
-    // initial navigation of an unmodified blank tab. We also allow the
-    // delegate to say when it's safe to leave aborted URLs in the omnibox, to
-    // let the user edit the URL and try again. This may be useful in cases
-    // that the committed page cannot be attacker-controlled. In these cases,
-    // we still allow the view to clear the pending entry and typed URL if the
-    // user requests (e.g., hitting Escape with focus in the address bar).
-    //
-    // Note: don't touch the transient entry, since an interstitial may exist.
-    bool should_preserve_entry = controller_->IsUnmodifiedBlankTab() ||
-                                 delegate_->ShouldPreserveAbortedURLs();
-    if (pending_entry != controller_->GetVisibleEntry() ||
-        !should_preserve_entry) {
-      controller_->DiscardPendingEntry(true);
-
-      // Also force the UI to refresh.
-      controller_->delegate()->NotifyNavigationStateChanged(
-          INVALIDATE_TYPE_URL);
-    }
-  }
+  DiscardPendingEntryOnFailureIfNeeded(render_frame_host->navigation_handle());
 
   if (delegate_)
     delegate_->DidFailProvisionalLoadWithError(render_frame_host, params);
 }
 
 void NavigatorImpl::DidFailLoadWithError(
     RenderFrameHostImpl* render_frame_host,
     const GURL& url,
     int error_code,
     const base::string16& error_description,
@@ skipping 655 matching lines @@
 
 // PlzNavigate
 void NavigatorImpl::FailedNavigation(FrameTreeNode* frame_tree_node,
                                      bool has_stale_copy_in_cache,
                                      int error_code) {
   CHECK(IsBrowserSideNavigationEnabled());
 
   NavigationRequest* navigation_request = frame_tree_node->navigation_request();
   DCHECK(navigation_request);
 
+  DiscardPendingEntryOnFailureIfNeeded(navigation_request->navigation_handle());
+
   // If the request was canceled by the user do not show an error page.
   if (error_code == net::ERR_ABORTED) {
     frame_tree_node->ResetNavigationRequest(false);
     return;
   }
 
   // Select an appropriate renderer to show the error page.
   RenderFrameHostImpl* render_frame_host =
       frame_tree_node->render_manager()->GetFrameHostForNavigation(
           *navigation_request);
@@ skipping 184 matching lines @@
           pending_entry->transferred_global_request_id());
       entry->set_should_replace_entry(pending_entry->should_replace_entry());
       entry->SetRedirectChain(pending_entry->GetRedirectChain());
     }
     controller_->SetPendingEntry(std::move(entry));
     if (delegate_)
       delegate_->NotifyChangedNavigationState(content::INVALIDATE_TYPE_URL);
   }
 }
 
+void NavigatorImpl::DiscardPendingEntryOnFailureIfNeeded(
+    NavigationHandleImpl* handle) {
+  // Racy conditions can cause a fail message to arrive after its corresponding
+  // pending entry has been replaced by another navigation. If
+  // |DiscardPendingEntry| is called in this case, then the completely valid
+  // entry for the new navigation would be discarded. See crbug.com/513742. To
+  // catch this case, the current pending entry is compared against the current
+  // navigation handle's entry id, which should correspond to the failed load.
+  NavigationEntry* pending_entry = controller_->GetPendingEntry();
+  bool pending_matches_fail_msg =
+      handle && pending_entry &&
+      handle->pending_nav_entry_id() == pending_entry->GetUniqueID();
+  if (!pending_matches_fail_msg)
+    return;
+
+  // We usually clear the pending entry when it fails, so that an arbitrary URL
+  // isn't left visible above a committed page. This must be enforced when the
+  // pending entry isn't visible (e.g., renderer-initiated navigations) to
+  // prevent URL spoofs for in-page navigations that don't go through
+  // DidStartProvisionalLoadForFrame.
+  //
+  // However, we do preserve the pending entry in some cases, such as on the
+  // initial navigation of an unmodified blank tab. We also allow the delegate
+  // to say when it's safe to leave aborted URLs in the omnibox, to let the
+  // user edit the URL and try again. This may be useful in cases that the
+  // committed page cannot be attacker-controlled. In these cases, we still
+  // allow the view to clear the pending entry and typed URL if the user
+  // requests (e.g., hitting Escape with focus in the address bar).
+  //
+  // Note: don't touch the transient entry, since an interstitial may exist.
+  bool should_preserve_entry = controller_->IsUnmodifiedBlankTab() ||
+                               delegate_->ShouldPreserveAbortedURLs();
+  if (pending_entry != controller_->GetVisibleEntry() ||
+      !should_preserve_entry) {
+    controller_->DiscardPendingEntry(true);
+
+    // Also force the UI to refresh.
+    controller_->delegate()->NotifyNavigationStateChanged(INVALIDATE_TYPE_URL);
+  }
+}
+
 }  // namespace content