Revert the merge of CrossSiteResourceHandler and NavigationResourceThrottle.

content/browser/frame_host/render_frame_host_manager.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_manager.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/debug/crash_logging.h"
 #include "base/debug/dump_without_crashing.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "base/trace_event/trace_event.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/devtools/render_frame_devtools_agent_host.h"
+#include "content/browser/frame_host/cross_site_transferring_request.h"
 #include "content/browser/frame_host/debug_urls.h"
 #include "content/browser/frame_host/frame_navigation_entry.h"
 #include "content/browser/frame_host/interstitial_page_impl.h"
 #include "content/browser/frame_host/navigation_controller_impl.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
 #include "content/browser/frame_host/navigation_handle_impl.h"
 #include "content/browser/frame_host/navigation_request.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/frame_host/render_frame_host_factory.h"
 #include "content/browser/frame_host/render_frame_host_impl.h"
@@ skipping 241 matching lines @@
       // RenderFrameHostManager are completely initialized. This should be
       // removed once the process manager moves away from NotificationService.
       // See https://crbug.com/462682.
       delegate_->NotifyMainFrameSwappedFromRenderManager(
           nullptr, render_frame_host_->render_view_host());
     }
   }
 
   // If entry includes the request ID of a request that is being transferred,
   // the destination render frame will take ownership, so release ownership of
-  // the transferring NavigationHandle.
-  if (transfer_navigation_handle_.get() &&
-      transfer_navigation_handle_->request_id() ==
+  // the request.
+  if (cross_site_transferring_request_.get() &&
+      cross_site_transferring_request_->request_id() ==
           entry.transferred_global_request_id()) {
+    cross_site_transferring_request_->ReleaseRequest();
+
+    DCHECK(transfer_navigation_handle_);
+
+    // Update the pending NavigationEntry ID on the transferring handle.
+    // TODO(creis): Make this line unnecessary by avoiding having a pending
+    // entry for transfer navigations.  See https://crbug.com/495161.
+    transfer_navigation_handle_->update_entry_id_for_transfer(
+        entry.GetUniqueID());
+
     // The navigating RenderFrameHost should take ownership of the
     // NavigationHandle that came from the transferring RenderFrameHost.
     dest_render_frame_host->SetNavigationHandle(
         std::move(transfer_navigation_handle_));
-
-    dest_render_frame_host->navigation_handle()->set_render_frame_host(
-        dest_render_frame_host);
   }
+  DCHECK(!transfer_navigation_handle_);
 
   return dest_render_frame_host;
 }
 
 void RenderFrameHostManager::Stop() {
   render_frame_host_->Stop();
 
   // If a cross-process navigation is happening, the pending RenderFrameHost
   // should stop. This will lead to a DidFailProvisionalLoad, which will
   // properly destroy it.
@@ skipping 101 matching lines @@
 
       // This is not a cross-process navigation; the tab is being closed.
       render_frame_host_->render_view_host()->ClosePage();
     }
   }
 }
 
 void RenderFrameHostManager::OnCrossSiteResponse(
     RenderFrameHostImpl* transferring_render_frame_host,
     const GlobalRequestID& global_request_id,
+    std::unique_ptr<CrossSiteTransferringRequest>
+        cross_site_transferring_request,
     const std::vector<GURL>& transfer_url_chain,
     const Referrer& referrer,
     ui::PageTransition page_transition,
     bool should_replace_current_entry) {
+  // We should only get here for transfer navigations.  Most cross-process
+  // navigations can just continue and wait to run the unload handler (by
+  // swapping out) when the new navigation commits.
+  CHECK(cross_site_transferring_request);
+
   // A transfer should only have come from our pending or current RFH.  If it
   // started as a cross-process navigation via OpenURL, this is the pending
   // one.  If it wasn't cross-process until the transfer, this is the current
   // one.
   //
   // Note that having a pending RFH does not imply that it was the one that
   // made the request.  Suppose that during a pending cross-site navigation,
   // the frame performs a different same-site navigation which redirects
   // cross-site.  In this case, there will be a pending RFH, but this request
   // is made by the current RFH. Later, this will create a new pending RFH and
   // clean up the old one.
   //
   // TODO(creis): We need to handle the case that the pending RFH has changed
   // in the mean time, while this was being posted from the IO thread.  We
   // should probably cancel the request in that case.
   DCHECK(transferring_render_frame_host == pending_render_frame_host_.get() ||
          transferring_render_frame_host == render_frame_host_.get());
 
   // Check if the FrameTreeNode is loading. This will be used later to notify
   // the FrameTreeNode that the load stop if the transfer fails.
   bool frame_tree_node_was_loading = frame_tree_node_->IsLoading();
 
   // Store the NavigationHandle to give it to the appropriate RenderFrameHost
   // after it started navigating.
   transfer_navigation_handle_ =
       transferring_render_frame_host->PassNavigationHandleOwnership();
-  CHECK(transfer_navigation_handle_);
+
+  // If something caused the cancellation of this navigation on the UI thread
+  // (possibly for security reasons) the navigation should not be allowed to
+  // proceed.
+  if (!transfer_navigation_handle_)
+    return;
+
+  // Store the transferring request so that we can release it if the transfer
+  // navigation matches.
+  cross_site_transferring_request_ = std::move(cross_site_transferring_request);
 
   // Set the transferring RenderFrameHost as not loading, so that it does not
   // emit a DidStopLoading notification if it is destroyed when creating the
   // new navigating RenderFrameHost.
   transferring_render_frame_host->set_is_loading(false);
 
   // Treat the last URL in the chain as the destination and the remainder as
   // the redirect chain.
   CHECK(transfer_url_chain.size());
   GURL transfer_url = transfer_url_chain.back();
   std::vector<GURL> rest_of_chain = transfer_url_chain;
   rest_of_chain.pop_back();
 
   transferring_render_frame_host->frame_tree_node()
       ->navigator()
       ->RequestTransferURL(
           transferring_render_frame_host, transfer_url, nullptr, rest_of_chain,
           referrer, page_transition, global_request_id,
           should_replace_current_entry,
           transfer_navigation_handle_->IsPost() ? "POST" : "GET",
           transfer_navigation_handle_->resource_request_body());
 
+  // The transferring request was only needed during the RequestTransferURL
+  // call, so it is safe to clear at this point.
+  cross_site_transferring_request_.reset();
+
   // If the navigation continued, the NavigationHandle should have been
   // transfered to a RenderFrameHost. In the other cases, it should be cleared.
-  // If the NavigationHandle wasn't claimed, this will lead to the cancelation
-  // of the request in the network stack.
   transfer_navigation_handle_.reset();
 
   // If the navigation in the new renderer did not start, inform the
   // FrameTreeNode that it stopped loading.
   if (!frame_tree_node_->IsLoading() && frame_tree_node_was_loading)
     frame_tree_node_->DidStopLoading();
 }
 
 void RenderFrameHostManager::DidNavigateFrame(
     RenderFrameHostImpl* render_frame_host,
@@ skipping 143 matching lines @@
     return;
 
   // Create a replacement proxy for the old RenderFrameHost. (There should not
   // be one yet.)  This is done even if there are no active frames besides this
   // one to simplify cleanup logic on the renderer side (see
   // https://crbug.com/568836 for motivation).
   RenderFrameProxyHost* proxy =
       CreateRenderFrameProxyHost(old_render_frame_host->GetSiteInstance(),
                                  old_render_frame_host->render_view_host());
 
-  // Reset any NavigationHandle in the RenderFrameHost. This will prevent any
-  // ongoing navigation from attempting to transfer.
-  old_render_frame_host->SetNavigationHandle(nullptr);
-
   // Tell the old RenderFrameHost to swap out and be replaced by the proxy.
   old_render_frame_host->SwapOut(proxy, true);
 
   // SwapOut creates a RenderFrameProxy, so set the proxy to be initialized.
   proxy->set_render_frame_proxy_created(true);
 
   // |old_render_frame_host| will be deleted when its SwapOut ACK is received,
   // or when the timer times out, or when the RFHM itself is deleted (whichever
   // comes first).
   pending_delete_hosts_.push_back(std::move(old_render_frame_host));
@@ skipping 1564 matching lines @@
     // Note: Do not add code here to determine whether the subframe should swap
     // or not. Add it to CanSubframeSwapProcess instead.
     return render_frame_host_.get();
   }
 
   SiteInstance* current_instance = render_frame_host_->GetSiteInstance();
   scoped_refptr<SiteInstance> new_instance = GetSiteInstanceForNavigation(
       dest_url, source_instance, dest_instance, nullptr, transition,
       dest_is_restore, dest_is_view_source_mode);
 
-  // Inform the transferring NavigationHandle of a transfer to a different
-  // SiteInstance.  It is important do so now, in order to mark the request as
-  // transferring on the IO thread before attempting to destroy the pending RFH.
-  // This ensures the network request will not be destroyed along the pending
-  // RFH but will persist until it is picked up by the new RFH.
-  if (transfer_navigation_handle_.get() &&
-      transfer_navigation_handle_->request_id() == transferred_request_id &&
-      new_instance.get() !=
-          transfer_navigation_handle_->GetRenderFrameHost()
-              ->GetSiteInstance()) {
-    transfer_navigation_handle_->Transfer();
-  }
-
   // If we are currently navigating cross-process to a pending RFH for a
   // different SiteInstance, we want to get back to normal and then navigate as
   // usual.  We will reuse the pending RFH below if it matches the destination
   // SiteInstance.
   if (pending_render_frame_host_) {
     if (pending_render_frame_host_->GetSiteInstance() != new_instance) {
       CancelPending();
     } else {
       // When a pending RFH is reused, it should always be live, since it is
       // cleared whenever a process dies.
@@ skipping 39 matching lines @@
       // RFH isn't live.)
       CommitPending();
       return render_frame_host_.get();
     }
     // Otherwise, it's safe to treat this as a pending cross-process transition.
 
     bool is_transfer = transferred_request_id != GlobalRequestID();
     if (is_transfer) {
       // We don't need to stop the old renderer or run beforeunload/unload
       // handlers, because those have already been done.
-      DCHECK(transfer_navigation_handle_ &&
-             transfer_navigation_handle_->request_id() ==
-                 transferred_request_id);
+      DCHECK(cross_site_transferring_request_->request_id() ==
+             transferred_request_id);
     } else if (!pending_render_frame_host_->are_navigations_suspended()) {
       // If the pending RFH hasn't already been suspended from a previous
       // attempt to navigate it, then we need to wait for the beforeunload
       // handler to run.  Suspend navigations in the pending RFH until we hear
       // back from the old RFH's beforeunload handler (via OnBeforeUnloadACK or
       // a timeout).  If the handler returns false, we'll have to cancel the
       // request.
       //
       // Also make sure the old RenderFrame stops, in case a load is in
       // progress.  (We don't want to do this for transfers, since it will
@@ skipping 364 matching lines @@
                                              resolved_url)) {
     DCHECK(!dest_instance ||
            dest_instance == render_frame_host_->GetSiteInstance());
     return false;
   }
 
   return true;
 }
 
 }  // namespace content