
Unified Diff: content/browser/site_per_process_browsertest.cc

Issue 2636193003: Fix cross-site subframe navigations that transfer back to original RFH. (Closed)
Patch Set: Rebase Created 3 years, 10 months ago
Index: content/browser/site_per_process_browsertest.cc
diff --git a/content/browser/site_per_process_browsertest.cc b/content/browser/site_per_process_browsertest.cc
index 2d497d51efd8ed557a2ea1fe36f9d511e8d52f15..2a89fe80209232bc83a4006d07f4be81294b499e 100644
--- a/content/browser/site_per_process_browsertest.cc
+++ b/content/browser/site_per_process_browsertest.cc
@@ -9549,4 +9549,39 @@ IN_PROC_BROWSER_TEST_F(SitePerProcessAndroidImeTest,
}
#endif // OS_ANDROID
+// Test that an OOPIF at b.com can navigate to a cross-site a.com URL that
+// transfers back to b.com. See https://crbug.com/681077#c10 and
+// https://crbug.com/660407.
+IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest,
+ SubframeTransfersToCurrentRFH) {
+ GURL main_url(embedded_test_server()->GetURL(
+ "a.com", "/cross_site_iframe_factory.html?a(b)"));
+ ASSERT_TRUE(NavigateToURL(shell(), main_url));
+
+ FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents())
+ ->GetFrameTree()
+ ->root();
+ scoped_refptr<SiteInstanceImpl> b_site_instance =
+ root->child_at(0)->current_frame_host()->GetSiteInstance();
+
+ // Navigate subframe to a URL that will redirect from a.com back to b.com.
+ // This navigation shouldn't time out. Also ensure that the pending RFH
+ // that was created for a.com is destroyed.
+ GURL frame_url(
+ embedded_test_server()->GetURL("a.com", "/cross-site/b.com/title2.html"));
+ NavigateIframeToURL(shell()->web_contents(), "child-0", frame_url);
+ EXPECT_FALSE(root->child_at(0)->render_manager()->pending_frame_host());
+ GURL redirected_url(embedded_test_server()->GetURL("b.com", "/title2.html"));
+ EXPECT_EQ(root->child_at(0)->current_url(), redirected_url);
+ EXPECT_EQ(b_site_instance,
+ root->child_at(0)->current_frame_host()->GetSiteInstance());
+
+ // Try the same navigation, but use the browser-initiated path.
+ NavigateFrameToURL(root->child_at(0), frame_url);
+ EXPECT_FALSE(root->child_at(0)->render_manager()->pending_frame_host());
+ EXPECT_EQ(root->child_at(0)->current_url(), redirected_url);
+ EXPECT_EQ(b_site_instance,
+ root->child_at(0)->current_frame_host()->GetSiteInstance());
+}
+
} // namespace content
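Review bot: The return value of `NavigateIframeToURL(shell()->web_contents(), "child-0", frame_url)` is discarded, so although the comment says the navigation "shouldn't time out", nothing asserts that the renderer-initiated navigation actually completed. Wrapping it as `EXPECT_TRUE(NavigateIframeToURL(shell()->web_contents(), "child-0", frame_url));` would make a failure show up at the navigation itself rather than at the later URL comparison. The test also dereferences `root->child_at(0)` repeatedly without first checking the tree shape; an `ASSERT_EQ(1U, root->child_count());` after the initial navigation would turn a missing subframe into a clean failure instead of a crash. Since this is a site-isolation regression test, it may also be worth asserting that the subframe's process is unchanged after the redirect (not just its SiteInstance), if the fix in render_frame_host_manager.cc is meant to guarantee that.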