Perform navigation policy check on UI thread for --site-per-process.

content/browser/loader/cross_site_resource_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/loader/cross_site_resource_handler.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ skipping 66 matching lines @@
         params.global_request_id, cross_site_transferring_request.Pass(),
         params.transfer_url_chain, params.referrer,
         params.page_transition, params.should_replace_current_entry);
   } else if (leak_requests_for_testing_ && cross_site_transferring_request) {
     // Some unit tests expect requests to be leaked in this case, so they can
     // pass them along manually.
     cross_site_transferring_request->ReleaseRequest();
   }
 }
 
+bool CheckNavigationPolicyOnUI(GURL url, int process_id, int render_frame_id) {
+  RenderFrameHostImpl* rfh =
+      RenderFrameHostImpl::FromID(process_id, render_frame_id);
+  if (!rfh)
+    return false;
+
+  // TODO(nasko): This check is very simplistic and is used temporarily only
+  // for --site-per-process. It should be updated to match the check performed
+  // by RenderFrameHostManager::UpdateRendererStateForNavigate.
+  return !SiteInstance::IsSameWebSite(
+      rfh->GetSiteInstance()->GetBrowserContext(),
+      rfh->GetSiteInstance()->GetSiteURL(), url);
+}
+
 }  // namespace
 
 CrossSiteResourceHandler::CrossSiteResourceHandler(
     scoped_ptr<ResourceHandler> next_handler,
     net::URLRequest* request)
     : LayeredResourceHandler(request, next_handler.Pass()),
       has_started_response_(false),
       in_cross_site_transition_(false),
       completed_during_transition_(false),
-      did_defer_(false) {
+      did_defer_(false),
+      weak_ptr_factory_(this) {
 }
 
 CrossSiteResourceHandler::~CrossSiteResourceHandler() {
   // Cleanup back-pointer stored on the request info.
   GetRequestInfo()->set_cross_site_handler(NULL);
 }
 
 bool CrossSiteResourceHandler::OnRequestRedirected(
     int request_id,
     const GURL& new_url,
@@ skipping 20 matching lines @@
 
   // We will need to swap processes if either (1) a redirect that requires a
   // transfer occurred before we got here, or (2) a pending cross-site request
   // was already in progress.  Note that a swap may no longer be needed if we
   // transferred back into the original process due to a redirect.
   bool should_transfer =
       GetContentClient()->browser()->ShouldSwapProcessesForRedirect(
           info->GetContext(), request()->original_url(), request()->url());
 
   // When the --site-per-process flag is passed, we transfer processes for
-  // cross-site subframe navigations.
-  if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess)) {
-    GURL referrer(request()->referrer());
-    // We skip this for WebUI processes for now, since pages like the NTP host
-    // cross-site WebUI iframes but don't have referrers.
-    bool is_webui_process = ChildProcessSecurityPolicyImpl::GetInstance()->
-        HasWebUIBindings(info->GetChildID());
-
-    // TODO(creis): This shouldn't rely on the referrer to determine the parent
-    // frame's URL.  This also doesn't work for hosted apps, due to passing NULL
-    // to IsSameWebSite.  It should be possible to always send the navigation to
-    // the UI thread to make a policy decision, which could let us eliminate the
-    // renderer-side check in RenderViewImpl::decidePolicyForNavigation as well.
-    if (info->GetResourceType() == ResourceType::SUB_FRAME &&
-        !is_webui_process &&
-        !SiteInstance::IsSameWebSite(NULL, request()->url(), referrer)) {
-      should_transfer = true;
-    }
+  // cross-site navigations. This is skipped if a transfer is already required
+  // or for WebUI processes for now, since pages like the NTP host multiple
+  // cross-site WebUI iframes.
+  if (!should_transfer &&
+      CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) &&
+      !ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
+          info->GetChildID())) {
+    return DeferForNavigationPolicyCheck(info, response, defer);
   }
 
   bool swap_needed = should_transfer ||
       CrossSiteRequestManager::GetInstance()->
           HasPendingCrossSiteRequest(info->GetChildID(), info->GetRouteID());
 
   // If this is a download, just pass the response through without doing a
   // cross-site check.  The renderer will see it is a download and abort the
   // request.
   //
@@ skipping 18 matching lines @@
   // pause to let the UI thread run the unload handler of the previous page
   // and set up a transfer if needed.
   StartCrossSiteTransition(request_id, response, should_transfer);
 
   // Defer loading until after the onunload event handler has run.
   *defer = true;
   OnDidDefer();
   return true;
 }
 
+void CrossSiteResourceHandler::ResumeOrTransfer(bool is_transfer) {
+  if (is_transfer) {
+    ResourceRequestInfoImpl* info = GetRequestInfo();
+    StartCrossSiteTransition(info->GetRequestID(), response_, is_transfer);
+  } else {
+    ResumeResponse();
+  }
+}
+
 bool CrossSiteResourceHandler::OnReadCompleted(int request_id,
                                                int bytes_read,
                                                bool* defer) {
   CHECK(!in_cross_site_transition_);
   return next_handler_->OnReadCompleted(request_id, bytes_read, defer);
 }
 
 void CrossSiteResourceHandler::OnResponseCompleted(
     int request_id,
     const net::URLRequestStatus& status,
@@ skipping 28 matching lines @@
   // Defer to tell RDH not to notify the world or clean up the pending request.
   // We will do so in ResumeResponse.
   *defer = true;
   OnDidDefer();
 }
 
 // We can now send the response to the new renderer, which will cause
 // WebContentsImpl to swap in the new renderer and destroy the old one.
 void CrossSiteResourceHandler::ResumeResponse() {
   DCHECK(request());
-  DCHECK(in_cross_site_transition_);
   in_cross_site_transition_ = false;
   ResourceRequestInfoImpl* info = GetRequestInfo();
 
   if (has_started_response_) {
     // Send OnResponseStarted to the new renderer.
     DCHECK(response_);
     bool defer = false;
     if (!next_handler_->OnResponseStarted(info->GetRequestID(), response_.get(),
                                           &defer)) {
       controller()->Cancel();
@@ skipping 67 matching lines @@
           &OnCrossSiteResponseHelper,
           CrossSiteResponseParams(render_frame_id,
                                   global_id,
                                   should_transfer,
                                   transfer_url_chain,
                                   referrer,
                                   info->GetPageTransition(),
                                   info->should_replace_current_entry())));
 }
 
+bool CrossSiteResourceHandler::DeferForNavigationPolicyCheck(
+    ResourceRequestInfoImpl* info,
+    ResourceResponse* response,
+    bool* defer) {
+  // Store the response_ object internally, since the navigation is deferred
+  // regardless of whether it will be a transfer or not.
+  response_ = response;
+
+  // Always defer the navigation to the UI thread to make a policy decision.
+  // It will send the result back to the IO thread to either resume or
+  // transfer it to a new renderer.
+  // TODO(nasko): If the UI thread result is that transfer is required, the
+  // IO thread will defer to the UI thread again through
+  // StartCrossSiteTransition. This is unnecessary and the policy check on the
+  // UI thread should be refactored to avoid the extra hop.
+  BrowserThread::PostTaskAndReplyWithResult(
+      BrowserThread::UI,
+      FROM_HERE,
+      base::Bind(&CheckNavigationPolicyOnUI,
+                 request()->url(),
+                 info->GetChildID(),
+                 info->GetRenderFrameID()),
+      base::Bind(&CrossSiteResourceHandler::ResumeOrTransfer,
+                 weak_ptr_factory_.GetWeakPtr()));
+
+  // Defer loading until it is known whether the navigation will transfer
+  // to a new process or continue in the existing one.
+  *defer = true;
+  OnDidDefer();
+  return true;
+}
+
 void CrossSiteResourceHandler::ResumeIfDeferred() {
   if (did_defer_) {
     request()->LogUnblocked();
     did_defer_ = false;
     controller()->Resume();
   }
 }
 
 void CrossSiteResourceHandler::OnDidDefer() {
   did_defer_ = true;
   request()->LogBlockedBy("CrossSiteResourceHandler");
 }
 
 }  // namespace content