With --isolate-extensions, forking (via OpenURL) for extensions is not needed.

chrome/renderer/extensions/chrome_extensions_renderer_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/extensions/chrome_extensions_renderer_client.h"
 
 #include <memory>
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/lazy_instance.h"
 #include "chrome/common/chrome_isolated_world_ids.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/extensions/extension_metrics.h"
-#include "chrome/common/extensions/extension_process_policy.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/renderer/chrome_render_thread_observer.h"
 #include "chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h"
 #include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
 #include "chrome/renderer/extensions/resource_request_policy.h"
 #include "chrome/renderer/media/cast_ipc_dispatcher.h"
 #include "content/public/common/content_constants.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/renderer/render_thread.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_set.h"
+#include "extensions/common/manifest_handlers/app_isolation_info.h"
 #include "extensions/common/switches.h"
 #include "extensions/renderer/dispatcher.h"
 #include "extensions/renderer/extension_frame_helper.h"
 #include "extensions/renderer/extension_helper.h"
 #include "extensions/renderer/extensions_render_frame_observer.h"
 #include "extensions/renderer/guest_view/extensions_guest_view_container.h"
 #include "extensions/renderer/guest_view/extensions_guest_view_container_dispatcher.h"
 #include "extensions/renderer/guest_view/mime_handler_view/mime_handler_view_container.h"
 #include "extensions/renderer/script_context.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebPluginParams.h"
+#include "url/gurl.h"
 
 using extensions::Extension;
 
 namespace {
 
 bool IsStandaloneExtensionProcess() {
   return base::CommandLine::ForCurrentProcess()->HasSwitch(
       extensions::switches::kExtensionProcess);
 }
 
 void IsGuestViewApiAvailableToScriptContext(
     bool* api_is_available,
     extensions::ScriptContext* context) {
   if (context->GetAvailability("guestViewInternal").is_available()) {
     *api_is_available = true;
   }
 }
 
+// Returns the extension for the given URL.  Excludes extension objects for
+// bookmark apps, which do not use the app process model.
+const Extension* GetNonBookmarkAppExtension(
+    const extensions::ExtensionSet& extensions,
+    const GURL& url) {
+  // Exclude bookmark apps, which do not use the app process model.
+  const Extension* extension = extensions.GetExtensionOrAppByURL(url);
+  if (extension && extension->from_bookmark())
+    extension = NULL;
+  return extension;
+}
+
+bool IsHostedApp(const extensions::ExtensionSet& extensions, const GURL& url) {
+  const extensions::Extension* extension =
+      GetNonBookmarkAppExtension(extensions, url);
+  return extension && extension->is_app();
+}
+
+// Check if navigating a toplevel page from |old_url| to |new_url| would cross
+// an extension process boundary (e.g. navigating from a web URL into an
+// extension URL).
+// We temporarily consider a workaround where we will keep non-app URLs in
+// an app process, but only if |should_consider_workaround| is true.  See
+// http://crbug.com/59285.
+bool CrossesExtensionProcessBoundary(const extensions::ExtensionSet& extensions,
+                                     const GURL& old_url,
+                                     const GURL& new_url,
+                                     bool should_consider_workaround) {
+  const extensions::Extension* old_url_extension =
+      GetNonBookmarkAppExtension(extensions, old_url);
+  const extensions::Extension* new_url_extension =
+      GetNonBookmarkAppExtension(extensions, new_url);
+
+  // TODO(creis): Temporary workaround for crbug.com/59285: Do not swap process
+  // to navigate from a hosted app to a normal page or another hosted app
+  // (unless either is the web store).  This is because some OAuth providers
+  // use non-app popups that communicate with non-app iframes inside the app
+  // (e.g., Facebook).  This would require out-of-process iframes to support.
+  // See http://crbug.com/99379.
+  // Note that we skip this exception for isolated apps, which require strict
+  // process separation from non-app pages.
+  if (should_consider_workaround) {
+    bool old_url_is_hosted_app =
+        old_url_extension && !old_url_extension->web_extent().is_empty() &&
+        !extensions::AppIsolationInfo::HasIsolatedStorage(old_url_extension);
+    bool new_url_is_normal_or_hosted =
+        !new_url_extension ||
+        (!new_url_extension->web_extent().is_empty() &&
+         !extensions::AppIsolationInfo::HasIsolatedStorage(new_url_extension));
+    bool either_is_web_store =
+        (old_url_extension &&
+         old_url_extension->id() == extensions::kWebStoreAppId) ||
+        (new_url_extension &&
+         new_url_extension->id() == extensions::kWebStoreAppId);
+    if (old_url_is_hosted_app && new_url_is_normal_or_hosted &&
+        !either_is_web_store)
+      return false;
+  }
+
+  return old_url_extension != new_url_extension;
+}
+
 // Returns true if the frame is navigating to an URL either into or out of an
 // extension app's extent.
-bool CrossesExtensionExtents(blink::WebLocalFrame* frame,
+bool CrossesHostedAppExtents(blink::WebLocalFrame* frame,
                              const GURL& new_url,
                              bool is_extension_url,
                              bool is_initial_navigation) {
   DCHECK(!frame->Parent());
   GURL old_url(frame->GetDocument().Url());
 
   extensions::RendererExtensionRegistry* extension_registry =
       extensions::RendererExtensionRegistry::Get();
+  const extensions::ExtensionSet& main_thread_extensions =
+      *extension_registry->GetMainThreadExtensionSet();
 
   // If old_url is still empty and this is an initial navigation, then this is
   // a window.open operation.  We should look at the opener URL.  Note that the
   // opener is a local frame in this case.
   if (is_initial_navigation && old_url.is_empty() && frame->Opener()) {
     blink::WebLocalFrame* opener_frame = frame->Opener()->ToWebLocalFrame();
 
     // We want to compare against the URL that determines the type of
     // process.  Use the URL of the opener's local frame root, which will
     // correctly handle any site isolation modes (e.g. --site-per-process).
@@ skipping 13 matching lines @@
         extension_registry->GetExtensionOrAppByURL(old_url);
     bool opener_is_web_store =
         opener_top_extension &&
         opener_top_extension->id() == extensions::kWebStoreAppId;
     if (!is_extension_url && !opener_is_extension_url && !opener_is_web_store &&
         IsStandaloneExtensionProcess() &&
         opener_origin.CanRequest(blink::WebURL(new_url)))
       return false;
   }
 
+  // With --isolate-extensions, forking is no longer needed to isolate
+  // extensions into separate renderer processes (i.e. isolation should
+  // be enforced by the transfer logic).
+  bool old_or_new_is_hosted_app =
+      IsHostedApp(main_thread_extensions, old_url) ||
+      IsHostedApp(main_thread_extensions, new_url);
+  if (!old_or_new_is_hosted_app)
+    return false;
+
   // Only consider keeping non-app URLs in an app process if this window
   // has an opener (in which case it might be an OAuth popup that tries to
   // script an iframe within the app).
   bool should_consider_workaround = !!frame->Opener();
 
-  return extensions::CrossesExtensionProcessBoundary(
-      *extension_registry->GetMainThreadExtensionSet(), old_url, new_url,
-      should_consider_workaround);
+  return CrossesExtensionProcessBoundary(main_thread_extensions, old_url,
+                                         new_url, should_consider_workaround);
 }
 
 }  // namespace
 
 ChromeExtensionsRendererClient::ChromeExtensionsRendererClient() {}
 
 ChromeExtensionsRendererClient::~ChromeExtensionsRendererClient() {}
 
 // static
 ChromeExtensionsRendererClient* ChromeExtensionsRendererClient::GetInstance() {
@@ skipping 117 matching lines @@
 // static
 bool ChromeExtensionsRendererClient::ShouldFork(blink::WebLocalFrame* frame,
                                                 const GURL& url,
                                                 bool is_initial_navigation,
                                                 bool is_server_redirect,
                                                 bool* send_referrer) {
   const extensions::RendererExtensionRegistry* extension_registry =
       extensions::RendererExtensionRegistry::Get();
 
   // Determine if the new URL is an extension (excluding bookmark apps).
-  const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
+  const Extension* new_url_extension = GetNonBookmarkAppExtension(
       *extension_registry->GetMainThreadExtensionSet(), url);
   bool is_extension_url = !!new_url_extension;
 
   // If the navigation would cross an app extent boundary, we also need
   // to defer to the browser to ensure process isolation.  This is not necessary
   // for server redirects, which will be transferred to a new process by the
   // browser process when they are ready to commit.  It is necessary for client
   // redirects, which won't be transferred in the same way.
   if (!is_server_redirect &&
-      CrossesExtensionExtents(frame, url, is_extension_url,
+      CrossesHostedAppExtents(frame, url, is_extension_url,
                               is_initial_navigation)) {
     // Include the referrer in this case since we're going from a hosted web
     // page. (the packaged case is handled previously by the extension
     // navigation test)
     *send_referrer = true;
 
     const Extension* extension =
         extension_registry->GetExtensionOrAppByURL(url);
     if (extension && extension->is_app()) {
       extensions::RecordAppLaunchType(
@@ skipping 35 matching lines @@
 
 void ChromeExtensionsRendererClient::RunScriptsAtDocumentEnd(
     content::RenderFrame* render_frame) {
   extension_dispatcher_->RunScriptsAtDocumentEnd(render_frame);
 }
 
 void ChromeExtensionsRendererClient::RunScriptsAtDocumentIdle(
     content::RenderFrame* render_frame) {
   extension_dispatcher_->RunScriptsAtDocumentIdle(render_frame);
 }