Avoid crash in ContentSettingsObserver::GetOriginOrURL with top remote frames.

chrome/renderer/content_settings_observer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/content_settings_observer.h"
 
 #include "chrome/common/ssl_insecure_content.h"
 #include "components/content_settings/content/common/content_settings_messages.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/renderer/document_state.h"
@@ skipping 31 matching lines @@
 using content::NavigationState;
 
 namespace {
 
 GURL GetOriginOrURL(const WebFrame* frame) {
   WebString top_origin = frame->top()->getSecurityOrigin().toString();
   // The |top_origin| is unique ("null") e.g., for file:// URLs. Use the
   // document URL as the primary URL in those cases.
   // TODO(alexmos): This is broken for --site-per-process, since top() can be a
   // WebRemoteFrame which does not have a document(), and the WebRemoteFrame's
-  // URL is not replicated.
-  if (top_origin == "null")
+  // URL is not replicated.  See https://crbug.com/628759.
+  if (top_origin == "null" && frame->top()->isWebLocalFrame())
     return frame->top()->document().url();
   return blink::WebStringToGURL(top_origin);
 }
 
 ContentSetting GetContentSettingFromRules(
     const ContentSettingsForOneType& rules,
     const WebFrame* frame,
     const GURL& secondary_url) {
   ContentSettingsForOneType::const_iterator it;
   // If there is only one rule, it's the default rule and we don't need to match
@@ skipping 477 matching lines @@
 
   // If the scheme is file:, an empty file name indicates a directory listing,
   // which requires JavaScript to function properly.
   if (base::EqualsASCII(protocol, url::kFileScheme)) {
     return document_url.SchemeIs(url::kFileScheme) &&
            document_url.ExtractFileName().empty();
   }
 
   return false;
 }