Forwarding POST body into renderer after a cross-site transfer.

content/renderer/render_frame_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_frame_impl.h"
 
 #include <map>
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 132 matching lines @@
 #include "media/blink/webencryptedmediaclient_impl.h"
 #include "media/blink/webmediaplayer_impl.h"
 #include "media/renderers/gpu_video_accelerator_factories.h"
 #include "mojo/common/url_type_converters.h"
 #include "mojo/edk/js/core.h"
 #include "mojo/edk/js/support.h"
 #include "net/base/data_url.h"
 #include "net/base/net_errors.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/http/http_util.h"
+#include "storage/common/data_element.h"
 #include "third_party/WebKit/public/platform/URLConversion.h"
 #include "third_party/WebKit/public/platform/WebCachePolicy.h"
 #include "third_party/WebKit/public/platform/WebData.h"
 #include "third_party/WebKit/public/platform/WebMediaPlayer.h"
 #include "third_party/WebKit/public/platform/WebMediaPlayerSource.h"
 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/platform/WebStorageQuotaCallbacks.h"
 #include "third_party/WebKit/public/platform/WebString.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLError.h"
@@ skipping 369 matching lines @@
   // passed back to the browser in the DidCommitProvisionalLoad and the
   // DocumentLoadComplete IPCs.
   base::TimeDelta ui_timestamp = common_params.ui_timestamp - base::TimeTicks();
   request.setUiStartTime(ui_timestamp.InSecondsF());
   request.setInputPerfMetricReportPolicy(
       static_cast<WebURLRequest::InputToLoadPerfMetricReportPolicy>(
           common_params.report_type));
   return request;
 }
 
+// Converts the HTTP body data stored in ResourceRequestBody format to a
+// WebHTTPBody, which is then added to the WebURLRequest.
+// PlzNavigate: used to add the POST data sent by the renderer at commit time
+// to the WebURLRequest used to commit the navigation. This ensures that the
+// POST data will be in the PageState sent to the browser on commit.
+void AddHTTPBodyToRequest(WebURLRequest* request,
+                          const scoped_refptr<ResourceRequestBody>& body) {

[Łukasz Anforowicz, 2016/05/17 23:52:56]

This function is more-or-less copy&pasted from
https://codereview.chromium.org/1907443006/patch/200001/210015 CL by clamy@.

I am not sure if it matters which CL lands first.  I am also not sure if this
routine needs more work (FWIW, my CR comments have been sufficiently addressed
in the other CL in https://codereview.chromium.org/1907443006/#msg17).

BTW: I've put together a quick (and for now very dirty) CL that gets rid of
ExplodedHttpBodyElement as a separate type (i.e. makes it a type alias for
ResourceRequestBody::Element).  This might allow us to avoid having to have
separate conversion code.  I am trying to run try jobs at
https://codereview.chromium.org/1987053002.

+  WebHTTPBody http_body;
+  http_body.initialize();
+  http_body.setIdentifier(body->identifier());
+  for (const ResourceRequestBody::Element& element : *(body->elements())) {
+    long long length = -1;
+    switch (element.type()) {
+      case storage::DataElement::TYPE_BYTES:
+        http_body.appendData(WebData(element.bytes(), element.length()));
+        break;
+      case storage::DataElement::TYPE_FILE:
+        if (element.length() != std::numeric_limits<uint64_t>::max())
+          length = element.length();
+        http_body.appendFileRange(
+            element.path().AsUTF16Unsafe(), element.offset(), length,
+            element.expected_modification_time().ToDoubleT());
+        break;
+      case storage::DataElement::TYPE_FILE_FILESYSTEM:
+        http_body.appendFileSystemURLRange(
+            element.filesystem_url(), element.offset(), element.length(),
+            element.expected_modification_time().ToDoubleT());
+        break;
+      case storage::DataElement::TYPE_BLOB:
+        http_body.appendBlob(WebString::fromUTF8(element.blob_uuid()));
+        break;
+      default:
+        // TYPE_BYTES_DESCRIPTION and TYPE_DISK_CACHE_ENTRY should not be
+        // encountered.
+        NOTREACHED();
+        break;
+    }
+  }
+  request->setHTTPBody(http_body);
+}
+
 // Sanitizes the navigation_start timestamp for browser-initiated navigations,
 // where the browser possibly has a better notion of start time than the
 // renderer. In the case of cross-process navigations, this carries over the
 // time of finishing the onbeforeunload handler of the previous page.
 // TimeTicks is sometimes not monotonic across processes, and because
 // |browser_navigation_start| is likely before this process existed,
 // InterProcessTimeTicksConverter won't help. The timestamp is sanitized by
 // clamping it to renderer_navigation_start, initialized earlier in the call
 // stack.
 base::TimeTicks SanitizeNavigationTiming(
@@ skipping 4820 matching lines @@
     if (!start_params.extra_headers.empty() && !browser_side_navigation) {
       for (net::HttpUtil::HeadersIterator i(start_params.extra_headers.begin(),
                                             start_params.extra_headers.end(),
                                             "\n");
            i.GetNext();) {
         request.addHTTPHeaderField(WebString::fromUTF8(i.name()),
                                    WebString::fromUTF8(i.values()));
       }
     }
 
-    if (common_params.method == "POST" && !browser_side_navigation) {
-      // Set post data.
-      WebHTTPBody http_body;
-      http_body.initialize();
-      const char* data = nullptr;
-      if (start_params.browser_initiated_post_data.size()) {
-        data = reinterpret_cast<const char*>(
-            &start_params.browser_initiated_post_data.front());
-      }
-      http_body.appendData(
-          WebData(data, start_params.browser_initiated_post_data.size()));
-      request.setHTTPBody(http_body);
+    if (common_params.method == "POST" && !browser_side_navigation &&
+        start_params.post_data) {
+      AddHTTPBodyToRequest(&request, start_params.post_data);
     }
 
     // A session history navigation should have been accompanied by state.
     CHECK_EQ(request_params.page_id, -1);
 
     should_load_request = true;
   }
 
   if (should_load_request) {
     // Sanitize navigation start now that we know the load_type.
@@ skipping 690 matching lines @@
   // event target. Potentially a Pepper plugin will receive the event.
   // In order to tell whether a plugin gets the last mouse event and which it
   // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets
   // the event, it will notify us via DidReceiveMouseEvent() and set itself as
   // |pepper_last_mouse_event_target_|.
   pepper_last_mouse_event_target_ = nullptr;
 #endif
 }
 
 }  // namespace content