Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(956)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/site_per_process_browsertest.cc

Issue 2636193003: Fix cross-site subframe navigations that transfer back to original RFH. (Closed)
Patch Set: Try #3 Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/frame_host/render_frame_host_manager.cc ('K') | « content/browser/frame_host/render_frame_host_manager.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/site_per_process_browsertest.cc
diff --git a/content/browser/site_per_process_browsertest.cc b/content/browser/site_per_process_browsertest.cc
index 6d46c964d69ff75e7f170472fe16f3bc39ec8c09..06f54e17da82607a9370f8aa5964c94558090746 100644
--- a/content/browser/site_per_process_browsertest.cc
+++ b/content/browser/site_per_process_browsertest.cc
@@ -9098,4 +9098,39 @@ IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest,
FrameHostMsg_ContextMenu(rfh->GetRoutingID(), ContextMenuParams()));
}
+// Test that an OOPIF at b.com can navigate to a cross-site a.com URL that
+// transfers back to b.com. See https://crbug.com/681077#c10 and
+// https://crbug.com/660407.
+IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest,
+ SubframeTransfersToCurrentRFH) {
+ GURL main_url(embedded_test_server()->GetURL(
+ "a.com", "/cross_site_iframe_factory.html?a(b)"));
+ ASSERT_TRUE(NavigateToURL(shell(), main_url));
+
+ FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents())
+ ->GetFrameTree()
+ ->root();
+ scoped_refptr<SiteInstanceImpl> b_site_instance =
+ root->child_at(0)->current_frame_host()->GetSiteInstance();
+
+ // Navigate subframe to a URL that will redirect from a.com back to b.com.
+ // This navigation shouldn't time out. Also ensure that the pending RFH
+ // that was created for a.com is destroyed.
+ GURL frame_url(
+ embedded_test_server()->GetURL("a.com", "/cross-site/b.com/title2.html"));
+ NavigateIframeToURL(shell()->web_contents(), "child-0", frame_url);
+ EXPECT_FALSE(root->child_at(0)->render_manager()->pending_frame_host());
+ GURL redirected_url(embedded_test_server()->GetURL("b.com", "/title2.html"));
+ EXPECT_EQ(root->child_at(0)->current_url(), redirected_url);
+ EXPECT_EQ(b_site_instance,
+ root->child_at(0)->current_frame_host()->GetSiteInstance());
+
+ // Try the same navigation, but use the browser-initiated path.
+ NavigateFrameToURL(root->child_at(0), frame_url);
+ EXPECT_FALSE(root->child_at(0)->render_manager()->pending_frame_host());
+ EXPECT_EQ(root->child_at(0)->current_url(), redirected_url);
+ EXPECT_EQ(b_site_instance,
+ root->child_at(0)->current_frame_host()->GetSiteInstance());
+}
+
} // namespace content
« content/browser/frame_host/render_frame_host_manager.cc ('K') | « content/browser/frame_host/render_frame_host_manager.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698