Don't commit the blocked URL when a frame is blocked by XFrameOptions.

Don't commit the blocked URL when a frame is blocked by XFrameOptions.

Previously, when a load was blocked by XFO or frame-ancestors, we
committed a blank page and left the original URL as the committed URL.
In some cases, this led to the browser process thinking that the
renderer actually committed a real load for the blocked URL and
killing the renderer if that load was disallowed (e.g., for loading
Chrome Web Store in a frame).

mkwst@ is working on a CL
(https://codereview.chromium.org/1617043002/) that will ultimately fix
this by moving XFO enforcement to the browser process and committing
an error page when a load is blocked.  Until then, this is a
short-term fix to change the committed URL for the blocked (blank)
page to urlWithUniqueSecurityOrigin (data:,).

BUG=622385
Review-Url: https://codereview.chromium.org/2096453002
Cr-Commit-Position: refs/heads/master@{#401664}
(cherry picked from commit 30535f7116c9073705a155c7cf4b0146a28f7293)

Committed: https://chromium.googlesource.com/chromium/src/+/d4a487bdca9a78e5fd9c6c149faf45a49c83d6b6

[alexmos, 2016-06-28 20:04:57]

Description was changed from

==========
Don't commit the blocked URL when a frame is blocked by XFrameOptions.

Previously, when a load was blocked by XFO or frame-ancestors, we
committed a blank page and left the original URL as the committed URL.
In some cases, this led to the browser process thinking that the
renderer actually committed a real load for the blocked URL and
killing the renderer if that load was disallowed (e.g., for loading
Chrome Web Store in a frame).

mkwst@ is working on a CL
(https://codereview.chromium.org/1617043002/) that will ultimately fix
this by moving XFO enforcement to the browser process and committing
an error page when a load is blocked.  Until then, this is a
short-term fix to change the committed URL for the blocked (blank)
page to urlWithUniqueSecurityOrigin (data:,).

BUG=622385

Review-Url: https://codereview.chromium.org/2096453002
Cr-Commit-Position: refs/heads/master@{#401664}
(cherry picked from commit 30535f7116c9073705a155c7cf4b0146a28f7293)
==========

to

==========
Don't commit the blocked URL when a frame is blocked by XFrameOptions.

Previously, when a load was blocked by XFO or frame-ancestors, we
committed a blank page and left the original URL as the committed URL.
In some cases, this led to the browser process thinking that the
renderer actually committed a real load for the blocked URL and
killing the renderer if that load was disallowed (e.g., for loading
Chrome Web Store in a frame).

mkwst@ is working on a CL
(https://codereview.chromium.org/1617043002/) that will ultimately fix
this by moving XFO enforcement to the browser process and committing
an error page when a load is blocked.  Until then, this is a
short-term fix to change the committed URL for the blocked (blank)
page to urlWithUniqueSecurityOrigin (data:,).

BUG=622385

Review-Url: https://codereview.chromium.org/2096453002
Cr-Commit-Position: refs/heads/master@{#401664}
(cherry picked from commit 30535f7116c9073705a155c7cf4b0146a28f7293)

Committed:
https://chromium.googlesource.com/chromium/src/+/d4a487bdca9a78e5fd9c6c149faf...
==========

[alexmos, 2016-06-28 20:04:59]

Committed patchset #1 (id:1) manually as
d4a487bdca9a78e5fd9c6c149faf45a49c83d6b6 (tree was closed).