Browser tests for starting a drag-and-drop out of an OOPIF.

content/browser/site_per_process_browsertest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/site_per_process_browsertest.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <algorithm>
@@ skipping 33 matching lines @@
 #include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/notification_observer.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/resource_dispatcher_host.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/content_browser_test_utils.h"
+#include "content/public/test/test_frame_navigation_observer.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "content/public/test/test_utils.h"
 #include "content/test/content_browser_test_utils_internal.h"
-#include "content/test/test_frame_navigation_observer.h"
 #include "ipc/ipc.mojom.h"
 #include "ipc/ipc_security_test_util.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebInsecureRequestPolicy.h"
 #include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "third_party/WebKit/public/web/WebSandboxFlags.h"
 #include "ui/display/display_switches.h"
 #include "ui/display/screen.h"
@@ skipping 1849 matching lines @@
       "Where A = http://a.com/\n"
       "      D = http://f00.com/",
       DepictFrameTree(root));
 
   // Navigate the iframe itself to about:blank using a script executing in its
   // own context. It should stay in the same SiteInstance as before, not the
   // parent one.
   std::string script(
       "window.domAutomationController.send("
       "window.location.href = 'about:blank');");
-  TestFrameNavigationObserver frame_observer(child);
+  TestFrameNavigationObserver frame_observer(child->current_frame_host());
   EXPECT_TRUE(ExecuteScript(child, script));
   frame_observer.Wait();
   EXPECT_EQ(about_blank_url, child->current_url());
 
   // Ensure that we have navigated using the top level process.
   EXPECT_EQ(
       " Site A ------------ proxies for D\n"
       "   |--Site D ------- proxies for A\n"
       "   +--Site A ------- proxies for D\n"
       "        +--Site A -- proxies for D\n"
@@ skipping 949 matching lines @@
   // proxies to have been created in the frame tree, but children of the
   // navigating frame to still be present. The reason is that we don't run the
   // message loop, so no IPCs that alter the frame tree can be processed.
   FrameTreeNode* child = root->child_at(1);
   SiteInstance* site = NULL;
   bool browser_side_navigation = IsBrowserSideNavigationEnabled();
   std::string cross_site_rfh_type =
       browser_side_navigation ? "speculative" : "pending";
   {
     TestNavigationObserver observer(shell()->web_contents());
-    TestFrameNavigationObserver navigation_observer(child);
+    TestFrameNavigationObserver navigation_observer(
+        child->current_frame_host());
     NavigationController::LoadURLParams params(cross_site_url);
     params.transition_type = PageTransitionFromInt(ui::PAGE_TRANSITION_LINK);
     params.frame_tree_node_id = child->frame_tree_node_id();
     child->navigator()->GetController()->LoadURLWithParams(params);
 
     if (browser_side_navigation) {
       site = child->render_manager()
                  ->speculative_frame_host()
                  ->GetSiteInstance();
     } else {
@@ skipping 32 matching lines @@
   // Load another cross-site page into the same iframe.
   cross_site_url = embedded_test_server()->GetURL("bar.com", "/title3.html");
   {
     // Perform the same checks as the first cross-site navigation, since
     // there have been issues in subsequent cross-site navigations. Also ensure
     // that the SiteInstance has properly changed.
     // TODO(nasko): Once we have proper cleanup of resources, add code to
     // verify that the intermediate SiteInstance/RenderFrameHost have been
     // properly cleaned up.
     TestNavigationObserver observer(shell()->web_contents());
-    TestFrameNavigationObserver navigation_observer(child);
+    TestFrameNavigationObserver navigation_observer(
+        child->current_frame_host());
     NavigationController::LoadURLParams params(cross_site_url);
     params.transition_type = PageTransitionFromInt(ui::PAGE_TRANSITION_LINK);
     params.frame_tree_node_id = child->frame_tree_node_id();
     child->navigator()->GetController()->LoadURLWithParams(params);
 
     SiteInstance* site2;
     if (browser_side_navigation) {
       site2 = child->render_manager()
                   ->speculative_frame_host()
                   ->GetSiteInstance();
@@ skipping 653 matching lines @@
   // per blink::parseSandboxPolicy().
   blink::WebSandboxFlags expected_flags =
       blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts &
       ~blink::WebSandboxFlags::AutomaticFeatures;
   EXPECT_EQ(expected_flags, root->child_at(0)->pending_sandbox_flags());
   EXPECT_EQ(blink::WebSandboxFlags::None,
             root->child_at(0)->effective_sandbox_flags());
 
   // Perform a renderer-initiated same-site navigation in the first frame. The
   // new sandbox flags should take effect.
-  TestFrameNavigationObserver frame_observer(root->child_at(0));
+  TestFrameNavigationObserver frame_observer(
+      root->child_at(0)->current_frame_host());
   ASSERT_TRUE(
       ExecuteScript(root->child_at(0), "window.location.href='/title2.html'"));
   frame_observer.Wait();
   EXPECT_EQ(embedded_test_server()->GetURL("baz.com", "/title2.html"),
             root->child_at(0)->current_url());
 
   // Confirm that the browser process has updated the frame's current sandbox
   // flags.
   EXPECT_EQ(expected_flags, root->child_at(0)->pending_sandbox_flags());
   EXPECT_EQ(expected_flags, root->child_at(0)->effective_sandbox_flags());
@@ skipping 46 matching lines @@
   // the new sandboxed local frame, its child (while it's still local), and a
   // pending RFH when starting the cross-site navigation to baz.com.
   RenderFrameHostCreatedObserver frame_observer(shell()->web_contents(), 3);
   EXPECT_TRUE(ExecuteScript(root,
                             "addFrame('/frame_tree/page_with_one_frame.html',"
                             "         'allow-scripts allow-same-origin'))"));
   frame_observer.Wait();
 
   // Wait for the cross-site navigation to baz.com in the grandchild to finish.
   FrameTreeNode* bottom_child = root->child_at(1)->child_at(0);
-  TestFrameNavigationObserver navigation_observer(bottom_child);
+  TestFrameNavigationObserver navigation_observer(
+      bottom_child->current_frame_host());
   navigation_observer.Wait();
 
   EXPECT_EQ(
       " Site A ------------ proxies for B\n"
       "   |--Site B ------- proxies for A\n"
       "   +--Site A ------- proxies for B\n"
       "        +--Site B -- proxies for A\n"
       "Where A = http://127.0.0.1/\n"
       "      B = http://baz.com/",
       DepictFrameTree(root));
@@ skipping 102 matching lines @@
                                   "    frames['updated-name'] == frames[0]);",
                                   &success));
   EXPECT_TRUE(success);
 
   // Issue a renderer-initiated navigation from the root frame to the child
   // frame using the frame's name. Make sure correct frame is navigated.
   //
   // TODO(alexmos): When blink::createWindow is refactored to handle
   // RemoteFrames, this should also be tested via window.open(url, frame_name)
   // and a more complicated frame hierarchy (https://crbug.com/463742)
-  TestFrameNavigationObserver frame_observer(root->child_at(0));
+  TestFrameNavigationObserver frame_observer(
+      root->child_at(0)->current_frame_host());
   GURL foo_url(embedded_test_server()->GetURL("foo.com", "/title1.html"));
   EXPECT_TRUE(ExecuteScript(
       shell(),
       base::StringPrintf("frames['updated-name'].location.href = '%s';",
                          foo_url.spec().c_str())));
   frame_observer.Wait();
   EXPECT_EQ(foo_url, root->child_at(0)->current_url());
 }
 
 // Verify that when a frame is navigated to a new origin, the origin update
@@ skipping 997 matching lines @@
   // Install a BrowserMessageFilter to drop SwapOut ACK messages in A's
   // process.
   scoped_refptr<SwapoutACKMessageFilter> filter = new SwapoutACKMessageFilter();
   rfh->GetProcess()->AddFilter(filter.get());
   rfh->DisableSwapOutTimerForTesting();
 
   // Navigate to B.  This must wait for DidCommitProvisionalLoad and not
   // DidStopLoading, so that the SwapOut timer doesn't call OnSwappedOut and
   // destroy |rfh| and |rvh| before they are checked in the test.
   GURL b_url(embedded_test_server()->GetURL("b.com", "/title2.html"));
-  TestFrameNavigationObserver commit_observer(root);
+  TestFrameNavigationObserver commit_observer(root->current_frame_host());
   shell()->LoadURL(b_url);
   commit_observer.WaitForCommit();
   EXPECT_FALSE(deleted_observer.deleted());
 
   // Since the SwapOut ACK for A->B is dropped, the first page's
   // RenderFrameHost should be pending deletion after the last navigation.
   EXPECT_FALSE(rfh->is_active());
 
   // Wait for process A to exit so we can reinitialize it cleanly for the next
   // navigation.  Since process A doesn't have any active views, it will
@@ skipping 1598 matching lines @@
   EXPECT_EQ(blink::WebSandboxFlags::None, child->effective_sandbox_flags());
 
   // Add a new grandchild frame and navigate it cross-site.
   RenderFrameHostCreatedObserver frame_observer(shell()->web_contents(), 1);
   EXPECT_TRUE(ExecuteScript(
       child, "document.body.appendChild(document.createElement('iframe'));"));
   frame_observer.Wait();
 
   FrameTreeNode* grandchild = child->child_at(0);
   GURL frame_url(embedded_test_server()->GetURL("b.com", "/title1.html"));
-  TestFrameNavigationObserver navigation_observer(grandchild);
+  TestFrameNavigationObserver navigation_observer(
+      grandchild->current_frame_host());
   NavigateFrameToURL(grandchild, frame_url);
   navigation_observer.Wait();
 
   // Since the update flags haven't yet taken effect in its parent, this
   // grandchild frame should not be sandboxed.
   EXPECT_EQ(blink::WebSandboxFlags::None, grandchild->pending_sandbox_flags());
   EXPECT_EQ(blink::WebSandboxFlags::None,
             grandchild->effective_sandbox_flags());
 
   // Check that the grandchild frame isn't sandboxed on the renderer side.  If
@@ skipping 22 matching lines @@
   // WebSandboxFlags::Scripts and WebSandboxFlags::AutomaticFeatures bits per
   // blink::parseSandboxPolicy().
   blink::WebSandboxFlags expected_flags =
       blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts &
       ~blink::WebSandboxFlags::AutomaticFeatures &
       ~blink::WebSandboxFlags::Popups;
   EXPECT_EQ(expected_flags, root->child_at(0)->pending_sandbox_flags());
 
   // Navigate child frame cross-site.  The sandbox flags should take effect.
   GURL frame_url(embedded_test_server()->GetURL("b.com", "/title1.html"));
-  TestFrameNavigationObserver frame_observer(root->child_at(0));
+  TestFrameNavigationObserver frame_observer(
+      root->child_at(0)->current_frame_host());
   NavigateFrameToURL(root->child_at(0), frame_url);
   frame_observer.Wait();
   EXPECT_EQ(expected_flags, root->child_at(0)->effective_sandbox_flags());
 
   // Verify that they've also taken effect on the renderer side.  The sandboxed
   // frame's origin should be unique.
   EXPECT_EQ("null", GetDocumentOrigin(root->child_at(0)));
 
   // Open a popup named "foo" from the sandboxed child frame.
   Shell* foo_shell =
       OpenPopup(root->child_at(0), GURL(url::kAboutBlankURL), "foo");
   EXPECT_TRUE(foo_shell);
 
   FrameTreeNode* foo_root =
       static_cast<WebContentsImpl*>(foo_shell->web_contents())
           ->GetFrameTree()
           ->root();
 
   // Check that the sandbox flags for new popup are correct in the browser
   // process.
   EXPECT_EQ(expected_flags, foo_root->effective_sandbox_flags());
 
   // The popup's origin should be unique, since it's sandboxed.
   EXPECT_EQ("null", GetDocumentOrigin(foo_root));
 
   // Navigate the popup cross-site.  This should keep the unique origin and the
   // inherited sandbox flags.
   GURL c_url(embedded_test_server()->GetURL("c.com", "/title1.html"));
-  TestFrameNavigationObserver popup_observer(foo_root);
+  TestFrameNavigationObserver popup_observer(foo_root->current_frame_host());
   EXPECT_TRUE(
       ExecuteScript(foo_root, "location.href = '" + c_url.spec() + "';"));
   popup_observer.Wait();
   EXPECT_EQ(c_url, foo_shell->web_contents()->GetLastCommittedURL());
 
   // Confirm that the popup is still sandboxed, both on browser and renderer
   // sides.
   EXPECT_EQ(expected_flags, foo_root->effective_sandbox_flags());
   EXPECT_EQ("null", GetDocumentOrigin(foo_root));
 }
@@ skipping 22 matching lines @@
   // per blink::parseSandboxPolicy().
   blink::WebSandboxFlags expected_flags =
       blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts &
       ~blink::WebSandboxFlags::AutomaticFeatures &
       ~blink::WebSandboxFlags::Popups &
       ~blink::WebSandboxFlags::PropagatesToAuxiliaryBrowsingContexts;
   EXPECT_EQ(expected_flags, root->child_at(0)->pending_sandbox_flags());
 
   // Navigate child frame cross-site.  The sandbox flags should take effect.
   GURL frame_url(embedded_test_server()->GetURL("b.com", "/title1.html"));
-  TestFrameNavigationObserver frame_observer(root->child_at(0));
+  TestFrameNavigationObserver frame_observer(
+      root->child_at(0)->current_frame_host());
   NavigateFrameToURL(root->child_at(0), frame_url);
   frame_observer.Wait();
   EXPECT_EQ(expected_flags, root->child_at(0)->effective_sandbox_flags());
 
   // Open a cross-site popup named "foo" from the child frame.
   GURL b_url(embedded_test_server()->GetURL("c.com", "/title1.html"));
   Shell* foo_shell = OpenPopup(root->child_at(0), b_url, "foo");
   EXPECT_TRUE(foo_shell);
 
   FrameTreeNode* foo_root =
@@ skipping 559 matching lines @@
   GURL b_url(embedded_test_server()->GetURL("b.com", "/title1.html"));
   std::string script = base::StringPrintf(
       "window.domAutomationController.send("
       "parent.location = '%s');",
       b_url.spec().c_str());
 
   // Ensure the child has received a user gesture, so that it has permission
   // to framebust.
   SimulateMouseClick(
       root->child_at(0)->current_frame_host()->GetRenderWidgetHost(), 1, 1);
-  TestFrameNavigationObserver frame_observer(root);
+  TestFrameNavigationObserver frame_observer(root->current_frame_host());
   EXPECT_TRUE(ExecuteScript(root->child_at(0), script));
   frame_observer.Wait();
   EXPECT_EQ(b_url, root->current_url());
 
   // Verify that the same RenderViewHost is preserved and that it is no longer
   // in swapped out state.
   EXPECT_EQ(rvh, contents->GetFrameTree()->GetRenderViewHost(
                      root->current_frame_host()->GetSiteInstance()));
   EXPECT_FALSE(rvh->is_swapped_out_);
 }
@@ skipping 146 matching lines @@
   GURL cross_site_url(embedded_test_server()->GetURL("c.com", "/title1.html"));
   NavigateFrameToURL(child, cross_site_url);
   EXPECT_TRUE(observer.last_navigation_succeeded());
   EXPECT_EQ(cross_site_url, observer.last_navigation_url());
   EXPECT_EQ(3, web_contents()->GetController().GetEntryCount());
   EXPECT_NE(orig_site_instance, child->current_frame_host()->GetSiteInstance());
 
   // Go back and ensure the data: URL committed in the same SiteInstance as the
   // original navigation.
   EXPECT_TRUE(web_contents()->GetController().CanGoBack());
-  TestFrameNavigationObserver frame_observer(child);
+  TestFrameNavigationObserver frame_observer(child->current_frame_host());
   web_contents()->GetController().GoBack();
   frame_observer.WaitForCommit();
   EXPECT_EQ(orig_site_instance, child->current_frame_host()->GetSiteInstance());
 }
 
 // Ensures that navigating to about:blank URLs present in session history will
 // correctly commit the navigation in the same process as the one used for
 // the original navigation.
 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest,
                        NavigateSubframeToAboutBlankInSessionHistory) {
@@ skipping 27 matching lines @@
   GURL cross_site_url(embedded_test_server()->GetURL("c.com", "/title1.html"));
   NavigateFrameToURL(child, cross_site_url);
   EXPECT_TRUE(observer.last_navigation_succeeded());
   EXPECT_EQ(cross_site_url, observer.last_navigation_url());
   EXPECT_EQ(3, web_contents()->GetController().GetEntryCount());
   EXPECT_NE(orig_site_instance, child->current_frame_host()->GetSiteInstance());
 
   // Go back and ensure the about:blank URL committed in the same SiteInstance
   // as the original navigation.
   EXPECT_TRUE(web_contents()->GetController().CanGoBack());
-  TestFrameNavigationObserver frame_observer(child);
+  TestFrameNavigationObserver frame_observer(child->current_frame_host());
   web_contents()->GetController().GoBack();
   frame_observer.WaitForCommit();
   EXPECT_EQ(orig_site_instance, child->current_frame_host()->GetSiteInstance());
 }
 
 // Tests that there are no crashes if a subframe is detached in its unload
 // handler. See https://crbug.com/590054.
 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, DetachInUnloadHandler) {
   GURL main_url(embedded_test_server()->GetURL(
       "a.com", "/cross_site_iframe_factory.html?a(b(b))"));
@@ skipping 865 matching lines @@
   // Install a filter to drop DispatchLoad messages from b.com.
   scoped_refptr<DispatchLoadMessageFilter> filter =
       new DispatchLoadMessageFilter();
   RenderProcessHost* b_process =
       popup_shell->web_contents()->GetMainFrame()->GetProcess();
   b_process->AddFilter(filter.get());
 
   // Navigate subframe to b.com.  Wait for commit but not full load.
   GURL b_url(embedded_test_server()->GetURL("b.com", "/title2.html"));
   {
-    TestFrameNavigationObserver commit_observer(child);
+    TestFrameNavigationObserver commit_observer(child->current_frame_host());
     EXPECT_TRUE(
         ExecuteScript(child, "location.href = '" + b_url.spec() + "';"));
     commit_observer.WaitForCommit();
   }
   RenderFrameHostImpl* child_rfh = child->current_frame_host();
   child_rfh->DisableSwapOutTimerForTesting();
 
   // At this point, the subframe should have a proxy in its parent's
   // SiteInstance, a.com.
   EXPECT_TRUE(child->render_manager()->GetProxyToParent());
 
   // Now, go back to a.com in the subframe and wait for commit.
   {
-    TestFrameNavigationObserver commit_observer(child);
+    TestFrameNavigationObserver commit_observer(child->current_frame_host());
     web_contents()->GetController().GoBack();
     commit_observer.WaitForCommit();
   }
 
   // At this point, the subframe's old RFH for b.com should be pending
   // deletion, and the subframe's proxy in a.com should've been cleared.
   EXPECT_FALSE(child_rfh->is_active());
   EXPECT_FALSE(child->render_manager()->GetProxyToParent());
 
   // Simulate that the load event is dispatched from |child_rfh| just after
@@ skipping 276 matching lines @@
   EXPECT_TRUE(NavigateToURL(shell(), b_url));
 
   base::string16 expected_title(base::UTF8ToUTF16("foo"));
   TitleWatcher title_watcher(popup2->web_contents(), expected_title);
   EXPECT_TRUE(ExecuteScript(
       shell(), "window.open('','popup2').postMessage('foo', '*');"));
   EXPECT_EQ(expected_title, title_watcher.WaitAndGetTitle());
 }
 
 }  // namespace content