Chromium Code Reviews
Description
Avoid crash in ContentSettingsObserver::GetOriginOrURL with top remote frames.
The intent of the fallback to top()->document().url() in
GetOriginOrURL() is to support file path matching for content setting
exceptions in pages loaded from a file: scheme. This fallback can
cause crashes in OOPIF modes when the top frame is remote, even in
cases that have nothing to do with file: exceptions, such as a
sandboxed main frame (which has a "null" origin) embedding an
OOPIF.
Longer-term, local and remote frames should be treated the same way
for content settings exceptions for the file: scheme; and content
settings will be refactored to be based on origins rather than GURLs
in issue 621724. In the short term though, avoid the crash by falling
back to document->url() only for local top frames. This shouldn't
actually affect file exceptions, as --isolate-extensions, which is the
only OOPIF mode currently enabled by default on trunk, won't put
subframes inside file: pages into a separate process.
BUG=628759, 466297
Review-Url: https://codereview.chromium.org/2354083002
Cr-Commit-Position: refs/heads/master@{#419899}
(cherry picked from commit 78aed40a1509c6cab064f9684e9653b37daff826)
Committed: https://chromium.googlesource.com/chromium/src/+/47261887fbe5c3826a830500a3623fc396d4ec73
Patch Set 1 #
Messages
Total messages: 2 (1 generated)