PlzNavigate: fix issue preventing navigations to WebUIs

content/browser/frame_host/navigation_request.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/navigation_request.h"
 
 #include <utility>
 
 #include "content/browser/devtools/render_frame_devtools_agent_host.h"
 #include "content/browser/frame_host/frame_tree.h"
 #include "content/browser/frame_host/frame_tree_node.h"
 #include "content/browser/frame_host/navigation_controller_impl.h"
 #include "content/browser/frame_host/navigation_handle_impl.h"
 #include "content/browser/frame_host/navigation_request_info.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/frame_host/navigator_impl.h"
 #include "content/browser/loader/navigation_url_loader.h"
 #include "content/browser/service_worker/service_worker_context_wrapper.h"
 #include "content/browser/service_worker/service_worker_navigation_handle.h"
 #include "content/browser/site_instance_impl.h"
+#include "content/browser/webui/web_ui_impl.h"
 #include "content/common/resource_request_body.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_data.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/stream_handle.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/resource_response.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_request_headers.h"
@@ skipping 195 matching lines @@
                    base::Unretained(this)));
     return;
   }
 
   // There is no need to make a network request for this navigation, so commit
   // it immediately.
   state_ = RESPONSE_STARTED;
 
   // Select an appropriate RenderFrameHost.
   RenderFrameHostImpl* render_frame_host =
-      frame_tree_node_->render_manager()->GetFrameHostForNavigation(*this);
+      frame_tree_node_->render_manager()->GetFrameHostForNavigation(this);
+
+  // Perform the appropriate checks for WebUIs.
   NavigatorImpl::CheckWebUIRendererDoesNotDisplayNormalURL(render_frame_host,
                                                            common_params_.url);
+  if (!WebUIImpl::RenderProcessAllowedForURL(render_frame_host->GetProcess(),
+                                             common_params_.url)) {
+    frame_tree_node_->ResetNavigationRequest(false);
+    return;
+  }
 
   // Inform the NavigationHandle that the navigation will commit.
   navigation_handle_->ReadyToCommitNavigation(render_frame_host);
 
   CommitNavigation();
 }
 
 void NavigationRequest::CreateNavigationHandle(int pending_nav_entry_id) {
   // TODO(nasko): Update the NavigationHandle creation to ensure that the
   // proper values are specified for is_synchronous and is_srcdoc.
   navigation_handle_ = NavigationHandleImpl::Create(
       common_params_.url, frame_tree_node_,
       !browser_initiated_,
       false,  // is_synchronous
       false,  // is_srcdoc
       common_params_.navigation_start, pending_nav_entry_id);
 }
 
 void NavigationRequest::TransferNavigationHandleOwnership(
     RenderFrameHostImpl* render_frame_host) {
   render_frame_host->SetNavigationHandle(std::move(navigation_handle_));
 }
 
+StoragePartition* NavigationRequest::GetStoragePartitionForNavigation() {

[Charlie Reis, 2016/05/25 21:38:02]

Is this needed anymore?  If it's just cleanup, we should do it in a separate CL,
since we would be able to revert the rest of this CL if we end up proving that
the StoragePartition check is unnecessary.

+  // Use the SiteInstance of the navigating RenderFrameHost to get access to
+  // the StoragePartition. Using the url of the navigation will result in a
+  // wrong StoragePartition being picked when a WebView is navigating.
+  DCHECK(associated_site_instance_type_ != AssociatedSiteInstanceType::NONE);
+  SiteInstance* navigation_site_instance =
+      associated_site_instance_type_ == AssociatedSiteInstanceType::CURRENT
+          ? frame_tree_node_->current_frame_host()->GetSiteInstance()
+          : frame_tree_node_->render_manager()
+                ->speculative_frame_host()
+                ->GetSiteInstance();
+  DCHECK(navigation_site_instance);
+
+  BrowserContext* browser_context =
+      frame_tree_node_->navigator()->GetController()->GetBrowserContext();
+  return BrowserContext::GetStoragePartition(browser_context,
+                                             navigation_site_instance);
+}
+
 void NavigationRequest::OnRequestRedirected(
     const net::RedirectInfo& redirect_info,
     const scoped_refptr<ResourceResponse>& response) {
   // If the navigation is no longer a POST, the POST data should be reset.
   if (redirect_info.new_method != "POST")
     post_data_ = nullptr;
 
   common_params_.url = redirect_info.new_url;
   common_params_.method = redirect_info.new_method;
   common_params_.referrer.url = GURL(redirect_info.new_referrer);
@@ skipping 39 matching lines @@
   }
 
   // Update the lofi state of the request.
   if (response->head.is_using_lofi)
     common_params_.lofi_state = LOFI_ON;
   else
     common_params_.lofi_state = LOFI_OFF;
 
   // Select an appropriate renderer to commit the navigation.
   RenderFrameHostImpl* render_frame_host =
-      frame_tree_node_->render_manager()->GetFrameHostForNavigation(*this);
+      frame_tree_node_->render_manager()->GetFrameHostForNavigation(this);
+
+  // Perform the appropriate checks for WebUIs.
   NavigatorImpl::CheckWebUIRendererDoesNotDisplayNormalURL(render_frame_host,
                                                            common_params_.url);
+  if (!WebUIImpl::RenderProcessAllowedForURL(render_frame_host->GetProcess(),
+                                             common_params_.url)) {
+    frame_tree_node_->ResetNavigationRequest(false);
+    return;
+  }
 
   // For renderer-initiated navigations that are set to commit in a different
   // renderer, allow the embedder to cancel the transfer.
   if (!browser_initiated_ &&
       render_frame_host != frame_tree_node_->current_frame_host() &&
       !frame_tree_node_->navigator()
            ->GetDelegate()
            ->ShouldTransferNavigation()) {
     frame_tree_node_->ResetNavigationRequest(false);
     return;
@@ skipping 112 matching lines @@
 
 void NavigationRequest::InitializeServiceWorkerHandleIfNeeded() {
   // Only initialize the ServiceWorkerNavigationHandle if it can be created for
   // this frame.
   bool can_create_service_worker =
       (frame_tree_node_->pending_sandbox_flags() &
        blink::WebSandboxFlags::Origin) != blink::WebSandboxFlags::Origin;
   if (!can_create_service_worker)
     return;
 
-  // Use the SiteInstance of the navigating RenderFrameHost to get access to
-  // the StoragePartition. Using the url of the navigation will result in a
-  // wrong StoragePartition being picked when a WebView is navigating.
-  RenderFrameHostImpl* navigating_frame_host =
-      frame_tree_node_->render_manager()->speculative_frame_host();
-  if (!navigating_frame_host)
-    navigating_frame_host = frame_tree_node_->current_frame_host();
-  DCHECK(navigating_frame_host);
-
-  BrowserContext* browser_context =
-      frame_tree_node_->navigator()->GetController()->GetBrowserContext();
-  StoragePartition* partition = BrowserContext::GetStoragePartition(
-      browser_context, navigating_frame_host->GetSiteInstance());
-  DCHECK(partition);
-
   ServiceWorkerContextWrapper* service_worker_context =
       static_cast<ServiceWorkerContextWrapper*>(
-          partition->GetServiceWorkerContext());
+          GetStoragePartitionForNavigation()->GetServiceWorkerContext());
   navigation_handle_->InitServiceWorkerHandle(service_worker_context);
 }
 
 }  // namespace content