
Unified Diff: content/browser/loader/cross_site_resource_handler.cc

Issue 1956383003: Forwarding POST body into renderer after a cross-site transfer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Index: content/browser/loader/cross_site_resource_handler.cc
diff --git a/content/browser/loader/cross_site_resource_handler.cc b/content/browser/loader/cross_site_resource_handler.cc
index 67d364a0ec0c40fabbbaf2e63e7c8cc1f9033eb1..92262af23dcee59c4a499492e50ae00cb7e45bf4 100644
--- a/content/browser/loader/cross_site_resource_handler.cc
+++ b/content/browser/loader/cross_site_resource_handler.cc
@@ -18,6 +18,7 @@
#include "content/browser/loader/resource_request_info_impl.h"
#include "content/browser/site_instance_impl.h"
#include "content/browser/web_contents/web_contents_impl.h"
+#include "content/common/resource_request_body.h"
#include "content/common/site_isolation_policy.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/content_browser_client.h"
@@ -45,14 +46,15 @@ struct CrossSiteResponseParams {
const std::vector<GURL>& transfer_url_chain,
const Referrer& referrer,
ui::PageTransition page_transition,
- bool should_replace_current_entry)
+ bool should_replace_current_entry,
+ const scoped_refptr<ResourceRequestBody> resource_request_body)
: render_frame_id(render_frame_id),
global_request_id(global_request_id),
transfer_url_chain(transfer_url_chain),
referrer(referrer),
page_transition(page_transition),
- should_replace_current_entry(should_replace_current_entry) {
- }
+ should_replace_current_entry(should_replace_current_entry),
+ resource_request_body(resource_request_body) {}
int render_frame_id;
GlobalRequestID global_request_id;
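Review bot: The new constructor parameter is declared `const scoped_refptr<ResourceRequestBody> resource_request_body`, a const by-value parameter, so the initializer `resource_request_body(resource_request_body)` has to copy it and pays a second reference-count increment on every construction. Either take it as `const scoped_refptr<ResourceRequestBody>& resource_request_body`, matching the neighbouring `const Referrer& referrer`, or take it by non-const value and initialise the member with `resource_request_body(std::move(resource_request_body))`. The struct's declaration starts above this hunk.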
@@ -60,6 +62,7 @@ struct CrossSiteResponseParams {
Referrer referrer;
ui::PageTransition page_transition;
bool should_replace_current_entry;
+ scoped_refptr<ResourceRequestBody> resource_request_body;
};
void OnCrossSiteResponseHelper(const CrossSiteResponseParams& params) {
@@ -76,10 +79,15 @@ void OnCrossSiteResponseHelper(const CrossSiteResponseParams& params) {
// default Chrome.
CHECK(SiteIsolationPolicy::AreCrossProcessFramesPossible());
}
+
+ // TODO(lukasza): DO NOT SUBMIT: Double-check that post body is cleared
+ // upon redirect - otherwise we would leak post body to a cross-site
+ // renderer (violating site isolation goals).
+
rfh->OnCrossSiteResponse(
params.global_request_id, std::move(cross_site_transferring_request),
params.transfer_url_chain, params.referrer, params.page_transition,
- params.should_replace_current_entry);
+ params.should_replace_current_entry, params.resource_request_body);
} else if (leak_requests_for_testing_) {
// Some unit tests expect requests to be leaked in this case, so they can
// pass them along manually.
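Review bot: The `DO NOT SUBMIT` TODO leaves the security invariant of this change unverified, while the call below it already hands `params.resource_request_body` to `rfh->OnCrossSiteResponse` unconditionally. Redirects do not uniformly drop the body: 301/302/303 responses to a POST are normally followed as a GET without the body, but 307 and 308 preserve both method and body, so "cleared upon redirect" cannot be assumed for every chain in `params.transfer_url_chain`. Whether `info->body()` (captured in the StartCrossSiteTransition hunk) reflects the request after redirects is not visible here, so this needs a browser test that drives a cross-site POST through both kinds of redirect and asserts which body, if any, reaches the destination renderer. Once that is settled, replace the TODO with a comment stating the rule, e.g. `// The POST body is forwarded only to the process that commits the final URL in |transfer_url_chain|; it must be absent after a method-changing redirect.` OnCrossSiteResponseHelper begins above this hunk and continues below it.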
@@ -331,16 +339,12 @@ void CrossSiteResourceHandler::StartCrossSiteTransition(
response_);
BrowserThread::PostTask(
- BrowserThread::UI,
- FROM_HERE,
- base::Bind(
- &OnCrossSiteResponseHelper,
- CrossSiteResponseParams(render_frame_id,
- global_id,
- transfer_url_chain,
- referrer,
- info->GetPageTransition(),
- info->should_replace_current_entry())));
+ BrowserThread::UI, FROM_HERE,
+ base::Bind(&OnCrossSiteResponseHelper,
+ CrossSiteResponseParams(
+ render_frame_id, global_id, transfer_url_chain, referrer,
+ info->GetPageTransition(),
+ info->should_replace_current_entry(), info->body())));
}
bool CrossSiteResourceHandler::DeferForNavigationPolicyCheck(
