OOPIFs: Fixing submitting forms targeting a remote frame.

third_party/WebKit/Source/core/html/HTMLFormElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLFormElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLFormElement.cpp b/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
index 026dcf70376d21047671b710d42602102d488f97..362f9d94353f66221936ce37c43970f4aa2d1c6b 100644
--- a/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
@@ -36,6 +36,8 @@
 #include "core/events/ScopedEventQueue.h"
 #include "core/frame/LocalDOMWindow.h"
 #include "core/frame/LocalFrame.h"
+#include "core/frame/RemoteFrame.h"
+#include "core/frame/RemoteFrameClient.h"
 #include "core/frame/UseCounter.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/html/HTMLCollection.h"
@@ -47,11 +49,14 @@
 #include "core/html/RadioNodeList.h"
 #include "core/html/forms/FormController.h"
 #include "core/inspector/ConsoleMessage.h"
+#include "core/loader/FormSubmission.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/FrameLoaderClient.h"
 #include "core/loader/MixedContentChecker.h"
 #include "core/loader/NavigationScheduler.h"
 #include "platform/UserGestureIndicator.h"
+#include "platform/network/ResourceRequest.h"
+#include "platform/weborigin/SecurityPolicy.h"
 #include "wtf/text/AtomicString.h"
 #include <limits>
 
@@ -416,9 +421,15 @@ void HTMLFormElement::scheduleFormSubmission(FormSubmission* submission)
     if (MixedContentChecker::isMixedFormAction(document().frame(), submission->action()))
         UseCounter::count(document().frame(), UseCounter::MixedContentFormsSubmitted);
 
-    // FIXME: Plumb form submission for remote frames.
-    if (targetFrame->isLocalFrame())
+    if (targetFrame->isLocalFrame()) {
         toLocalFrame(targetFrame)->navigationScheduler().scheduleFormSubmission(&document(), submission);
+    } else {
+        ResourceRequest resourceRequest;
+        submission->populateResourceRequest(resourceRequest);
+        resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(
+            document().getReferrerPolicy(), resourceRequest.url(), document().outgoingReferrer()));
+        toRemoteFrame(targetFrame)->client()->navigate(resourceRequest, false);
+    }
 }
 
 void HTMLFormElement::reset()