Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(738)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/render_frame_host_manager.cc

Issue 2619123002: Fix remote-to-local navigations in crashed subframes. (Closed)
Patch Set: Charlie's comments Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/site_per_process_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/render_frame_host_manager.cc
diff --git a/content/browser/frame_host/render_frame_host_manager.cc b/content/browser/frame_host/render_frame_host_manager.cc
index 6c55b6225e957b368f6288a9b47062fa286de7a0..bf211e5ff4d0ee39346657ac2190d729148be576 100644
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -873,6 +873,18 @@ RenderFrameHostImpl* RenderFrameHostManager::GetFrameHostForNavigation(
// complete. Just switch to the speculative RFH now and go back to normal.
// (Note that we don't care about on{before}unload handlers if the current
// RFH isn't live.)
+ //
+ // If the corresponding RenderFrame is currently associated with a proxy,
+ // send a SwapIn message to ensure that the RenderFrame swaps into the
+ // frame tree and replaces that proxy on the renderer side. Normally
+ // this happens at navigation commit time, but in this case this must be
+ // done earlier to keep browser and renderer state in sync. This is
+ // important to do before CommitPending(), which destroys the
+ // corresponding proxy. See https://crbug.com/487872.
+ if (GetRenderFrameProxyHost(dest_site_instance.get())) {
+ navigation_rfh->Send(
+ new FrameMsg_SwapIn(navigation_rfh->GetRoutingID()));
+ }
CommitPending();
// Notify the WebUI about the new RenderFrame if needed (the newly
@@ -2362,6 +2374,18 @@ RenderFrameHostImpl* RenderFrameHostManager::UpdateStateForNavigate(
// navigate. Just switch to the pending RFH now and go back to normal.
// (Note that we don't care about on{before}unload handlers if the current
// RFH isn't live.)
+ //
+ // If the corresponding RenderFrame is currently associated with a proxy,
+ // send a SwapIn message to ensure that the RenderFrame swaps into the
+ // frame tree and replaces that proxy on the renderer side. Normally
+ // this happens at navigation commit time, but in this case this must be
+ // done earlier to keep browser and renderer state in sync. This is
+ // important to do before CommitPending(), which destroys the
+ // corresponding proxy. See https://crbug.com/487872.
+ if (GetRenderFrameProxyHost(new_instance.get())) {
+ pending_render_frame_host_->Send(
+ new FrameMsg_SwapIn(pending_render_frame_host_->GetRoutingID()));
+ }
CommitPending();
return render_frame_host_.get();
}
« no previous file with comments | « no previous file | content/browser/site_per_process_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698