Merge CrossSiteResourceHandler and NavigationResourceThrottle

content/browser/frame_host/render_frame_host_manager.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_manager.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/debug/crash_logging.h"
 #include "base/debug/dump_without_crashing.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "base/trace_event/trace_event.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/devtools/render_frame_devtools_agent_host.h"
-#include "content/browser/frame_host/cross_site_transferring_request.h"
 #include "content/browser/frame_host/debug_urls.h"
 #include "content/browser/frame_host/frame_navigation_entry.h"
 #include "content/browser/frame_host/interstitial_page_impl.h"
 #include "content/browser/frame_host/navigation_controller_impl.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
 #include "content/browser/frame_host/navigation_handle_impl.h"
 #include "content/browser/frame_host/navigation_request.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/frame_host/render_frame_host_factory.h"
 #include "content/browser/frame_host/render_frame_host_impl.h"
@@ skipping 242 matching lines @@
       // RenderFrameHostManager are completely initialized. This should be
       // removed once the process manager moves away from NotificationService.
       // See https://crbug.com/462682.
       delegate_->NotifyMainFrameSwappedFromRenderManager(
           nullptr, render_frame_host_->render_view_host());
     }
   }
 
   // If entry includes the request ID of a request that is being transferred,
   // the destination render frame will take ownership, so release ownership of
-  // the request.
-  if (cross_site_transferring_request_.get() &&
-      cross_site_transferring_request_->request_id() ==
+  // the transferring NavigationHandle.
+  if (transfer_navigation_handle_.get() &&
+      transfer_navigation_handle_->request_id() ==
           entry.transferred_global_request_id()) {
-    cross_site_transferring_request_->ReleaseRequest();
-
-    DCHECK(transfer_navigation_handle_);
-
-    // Update the pending NavigationEntry ID on the transferring handle.
-    // TODO(creis): Make this line unnecessary by avoiding having a pending
-    // entry for transfer navigations.  See https://crbug.com/495161.
-    transfer_navigation_handle_->update_entry_id_for_transfer(
-        entry.GetUniqueID());
-
     // The navigating RenderFrameHost should take ownership of the
     // NavigationHandle that came from the transferring RenderFrameHost.
     dest_render_frame_host->SetNavigationHandle(
         std::move(transfer_navigation_handle_));
+
+    dest_render_frame_host->navigation_handle()->TransferToRenderFrameHost(
+        dest_render_frame_host);
   }
-  DCHECK(!transfer_navigation_handle_);
 
   return dest_render_frame_host;
 }
 
 void RenderFrameHostManager::Stop() {
   render_frame_host_->Stop();
 
   // If a cross-process navigation is happening, the pending RenderFrameHost
   // should stop. This will lead to a DidFailProvisionalLoad, which will
   // properly destroy it.
@@ skipping 101 matching lines @@
 
       // This is not a cross-process navigation; the tab is being closed.
       render_frame_host_->render_view_host()->ClosePage();
     }
   }
 }
 
 void RenderFrameHostManager::OnCrossSiteResponse(
     RenderFrameHostImpl* transferring_render_frame_host,
     const GlobalRequestID& global_request_id,
-    std::unique_ptr<CrossSiteTransferringRequest>
-        cross_site_transferring_request,
     const std::vector<GURL>& transfer_url_chain,
     const Referrer& referrer,
     ui::PageTransition page_transition,
     bool should_replace_current_entry) {
-  // We should only get here for transfer navigations.  Most cross-process
-  // navigations can just continue and wait to run the unload handler (by
-  // swapping out) when the new navigation commits.
-  CHECK(cross_site_transferring_request);
-
   // A transfer should only have come from our pending or current RFH.  If it
   // started as a cross-process navigation via OpenURL, this is the pending
   // one.  If it wasn't cross-process until the transfer, this is the current
   // one.
   //
   // Note that having a pending RFH does not imply that it was the one that
   // made the request.  Suppose that during a pending cross-site navigation,
   // the frame performs a different same-site navigation which redirects
   // cross-site.  In this case, there will be a pending RFH, but this request
   // is made by the current RFH. Later, this will create a new pending RFH and
   // clean up the old one.
   //
   // TODO(creis): We need to handle the case that the pending RFH has changed
   // in the mean time, while this was being posted from the IO thread.  We
   // should probably cancel the request in that case.
   DCHECK(transferring_render_frame_host == pending_render_frame_host_.get() ||
          transferring_render_frame_host == render_frame_host_.get());
 
   // Check if the FrameTreeNode is loading. This will be used later to notify
   // the FrameTreeNode that the load stop if the transfer fails.
   bool frame_tree_node_was_loading = frame_tree_node_->IsLoading();
 
   // Store the NavigationHandle to give it to the appropriate RenderFrameHost
   // after it started navigating.
   transfer_navigation_handle_ =
       transferring_render_frame_host->PassNavigationHandleOwnership();
-
-  // If something caused the cancellation of this navigation on the UI thread
-  // (possibly for security reasons) the navigation should not be allowed to
-  // proceed.
-  if (!transfer_navigation_handle_)

[Charlie Reis, 2016/09/16 21:19:26]

Why isn't this possible anymore?  The comment indicates there may be security
checks that might have cleared the handle before we get here.

[clamy, 2016/09/20 15:57:22]

We now only call OnCrossSiteResponse from the NavigationHandle, so it has to be
here. This is meant to replace the CHECK(cross_site_transferring_request).

[Charlie Reis, 2016/09/21 03:31:47]

Acknowledged.

-    return;
-
-  // Store the transferring request so that we can release it if the transfer
-  // navigation matches.
-  cross_site_transferring_request_ = std::move(cross_site_transferring_request);
+  CHECK(transfer_navigation_handle_);
 
   // Set the transferring RenderFrameHost as not loading, so that it does not
   // emit a DidStopLoading notification if it is destroyed when creating the
   // new navigating RenderFrameHost.
   transferring_render_frame_host->set_is_loading(false);
 
   // Treat the last URL in the chain as the destination and the remainder as
   // the redirect chain.
   CHECK(transfer_url_chain.size());
   GURL transfer_url = transfer_url_chain.back();
   std::vector<GURL> rest_of_chain = transfer_url_chain;
   rest_of_chain.pop_back();
 
   transferring_render_frame_host->frame_tree_node()
       ->navigator()
       ->RequestTransferURL(
           transferring_render_frame_host, transfer_url, nullptr, rest_of_chain,
           referrer, page_transition, global_request_id,
           should_replace_current_entry,
           transfer_navigation_handle_->IsPost() ? "POST" : "GET",
           transfer_navigation_handle_->resource_request_body());
 
-  // The transferring request was only needed during the RequestTransferURL
-  // call, so it is safe to clear at this point.
-  cross_site_transferring_request_.reset();
-
   // If the navigation continued, the NavigationHandle should have been
   // transfered to a RenderFrameHost. In the other cases, it should be cleared.
+  // If the NavigationHandle wasn't claimed, this will lead to the cancelation
+  // of the request in the network stack.
   transfer_navigation_handle_.reset();
 
   // If the navigation in the new renderer did not start, inform the
   // FrameTreeNode that it stopped loading.
   if (!frame_tree_node_->IsLoading() && frame_tree_node_was_loading)
     frame_tree_node_->DidStopLoading();
 }
 
 void RenderFrameHostManager::DidNavigateFrame(
     RenderFrameHostImpl* render_frame_host,
@@ skipping 1720 matching lines @@
     // Note: Do not add code here to determine whether the subframe should swap
     // or not. Add it to CanSubframeSwapProcess instead.
     return render_frame_host_.get();
   }
 
   SiteInstance* current_instance = render_frame_host_->GetSiteInstance();
   scoped_refptr<SiteInstance> new_instance = GetSiteInstanceForNavigation(
       dest_url, source_instance, dest_instance, nullptr, transition,
       dest_is_restore, dest_is_view_source_mode);
 
+  // In case this is a transfer navigation, inform the Navigationhandle of which

[Charlie Reis, 2016/09/16 21:19:26]

nit: NavigationHandle

[clamy, 2016/09/20 15:57:22]

Done.

+  // SiteInstance will be used. It is important do so now, in order to mark the
+  // request as transferring on the IO thread before attempting to destroy the
+  // pending RFH.

[Charlie Reis, 2016/09/16 21:19:26]

Why does the IO thread care about the destruction of the pending RFH?  (We
should clarify in the comment.)

[clamy, 2016/09/20 15:57:22]

Done.

+  if (transfer_navigation_handle_.get() &&
+      transfer_navigation_handle_->request_id() == transferred_request_id) {
+    transfer_navigation_handle_->TransferToSiteInstance(new_instance.get());
+  }
+
   // If we are currently navigating cross-process to a pending RFH for a
   // different SiteInstance, we want to get back to normal and then navigate as
   // usual.  We will reuse the pending RFH below if it matches the destination
   // SiteInstance.
   if (pending_render_frame_host_) {
     if (pending_render_frame_host_->GetSiteInstance() != new_instance) {
       CancelPending();
     } else {
       // When a pending RFH is reused, it should always be live, since it is
       // cleared whenever a process dies.
@@ skipping 39 matching lines @@
       // RFH isn't live.)
       CommitPending();
       return render_frame_host_.get();
     }
     // Otherwise, it's safe to treat this as a pending cross-process transition.
 
     bool is_transfer = transferred_request_id != GlobalRequestID();
     if (is_transfer) {
       // We don't need to stop the old renderer or run beforeunload/unload
       // handlers, because those have already been done.
-      DCHECK(cross_site_transferring_request_->request_id() ==
-             transferred_request_id);
+      DCHECK(transfer_navigation_handle_ &&
+             transfer_navigation_handle_->request_id() ==
+                 transferred_request_id);
     } else if (!pending_render_frame_host_->are_navigations_suspended()) {
       // If the pending RFH hasn't already been suspended from a previous
       // attempt to navigate it, then we need to wait for the beforeunload
       // handler to run.  Suspend navigations in the pending RFH until we hear
       // back from the old RFH's beforeunload handler (via OnBeforeUnloadACK or
       // a timeout).  If the handler returns false, we'll have to cancel the
       // request.
       //
       // Also make sure the old RenderFrame stops, in case a load is in
       // progress.  (We don't want to do this for transfers, since it will
@@ skipping 364 matching lines @@
                                              resolved_url)) {
     DCHECK(!dest_instance ||
            dest_instance == render_frame_host_->GetSiteInstance());
     return false;
   }
 
   return true;
 }
 
 }  // namespace content