"Top Document Isolation" mode

content/browser/frame_host/render_frame_host_manager.cc

Index: content/browser/frame_host/render_frame_host_manager.cc
diff --git a/content/browser/frame_host/render_frame_host_manager.cc b/content/browser/frame_host/render_frame_host_manager.cc
index 24f963687a3d53dc423bc7574791d2fec90f38f0..9dced25e7b6d2e48f85ea13fdd9c0528fc9d625d 100644
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -1291,9 +1291,12 @@ RenderFrameHostManager::DetermineSiteInstanceForURL(
     // See http://crbug.com/386542.
     if (dest_is_restore &&
         GetContentClient()->browser()->ShouldAssignSiteForURL(dest_url)) {
+      // TODO(nick): What needs to happen so that TDI works with session
+      // restore?
       current_instance_impl->SetSite(dest_url);
     }
 
+    // TODO(nick): Hopefully this whole block is not relevant for TDI mode?
     return SiteInstanceDescriptor(current_instance_impl);
   }
 
@@ -1348,7 +1351,17 @@ RenderFrameHostManager::DetermineSiteInstanceForURL(
   // SiteInstance to a RenderViewHost (if it is different than our current
   // SiteInstance), so that it is ref counted.  This will happen in
   // CreateRenderView.
-  return SiteInstanceDescriptor(browser_context, dest_url, true);
+  SiteInstanceDescriptor result(browser_context, dest_url, true);
+
+  if (!current_instance_impl->HasRelatedSiteInstance(dest_url) &&
+      !frame_tree_node_->IsMainFrame() &&
+      SiteIsolationPolicy::UseDedicatedProcessForTopDocument() &&
+      !SiteInstanceImpl::DoesSiteRequireDedicatedProcess(browser_context,
+                                                         dest_url)) {
+    result.is_for_third_party_subframes = true;
+  }
+
+  return result;
 }
 
 bool RenderFrameHostManager::IsRendererTransferNeededForNavigation(
@@ -1380,20 +1393,37 @@ bool RenderFrameHostManager::IsRendererTransferNeededForNavigation(
   if (SiteInstance::IsSameWebSite(rfh->GetSiteInstance()->GetBrowserContext(),
                                   rfh->GetSiteInstance()->GetSiteURL(),
                                   dest_url)) {
-    return false;  // The same site, no transition needed.
+    // The same site, no transition needed for security purposes, and we must
+    // keep the same SiteInstance for correctness of synchronous scripting.
+    return false;
   }
 
   // The sites differ. If either one requires a dedicated process,
   // then a transfer is needed.
-  return rfh->GetSiteInstance()->RequiresDedicatedProcess() ||
-         SiteInstanceImpl::DoesSiteRequireDedicatedProcess(context,
-                                                           effective_url);
+  if (rfh->GetSiteInstance()->RequiresDedicatedProcess() ||
+      SiteInstanceImpl::DoesSiteRequireDedicatedProcess(context,
+                                                        effective_url)) {
+    return true;
+  }
+
+  // If this site already exists in the browsing instance, we should transfer to
+  // the existing process for that site.
+  // TODO(nick):
+  //   - Should we only switch back if the existing site instance has the
+  //     dedicated bit set?
+  if (rfh->GetSiteInstance()->HasRelatedSiteInstance(effective_url)) {

[Charlie Reis, 2016/03/18 21:15:13]

Note: this affects --isolate-extensions as well.  Repro steps:
1) Page A opens a new window.
2) Navigate new window to B (new process, same BrowsingInstance).
3) Page A adds a subframe to B.

We create an OOPIF for it in --isolate-extensions, even though there's no
extensions involved.  We should avoid that.

+    if (rfh->GetSiteInstance()->GetRelatedSiteInstance(effective_url) !=
+        rfh->GetSiteInstance()) {
+      return true;
+    }
+  }
+  return false;
 }
 
 SiteInstance* RenderFrameHostManager::ConvertToSiteInstance(
     const SiteInstanceDescriptor& descriptor,
     SiteInstance* candidate_instance) {
-  SiteInstance* current_instance = render_frame_host_->GetSiteInstance();
+  SiteInstanceImpl* current_instance = render_frame_host_->GetSiteInstance();
 
   // Note: If the |candidate_instance| matches the descriptor, it will already
   // be set to |descriptor.existing_site_instance|.
@@ -1402,8 +1432,13 @@ SiteInstance* RenderFrameHostManager::ConvertToSiteInstance(
 
   // Note: If the |candidate_instance| matches the descriptor,
   // GetRelatedSiteInstance will return it.
-  if (descriptor.new_is_related_to_current)
-    return current_instance->GetRelatedSiteInstance(descriptor.new_site_url);
+  if (descriptor.new_is_related_to_current) {
+    if (descriptor.is_for_third_party_subframes)
+      return current_instance->GetRelatedSiteInstanceForThirdPartySubframes(
+          descriptor.new_site_url);
+    else
+      return current_instance->GetRelatedSiteInstance(descriptor.new_site_url);
+  }
 
   // At this point we know an unrelated site instance must be returned. First
   // check if the candidate matches.