Skip self-referential frame checks for POST requests (Merge to M58).

Skip self-referential frame checks for POST requests (Merge to M58).

The improved self-referential frame blocking in r450728 broke sites
that rely on constructing frame hierarchies where frames are loaded
via POSTs with the same URLs.  To fix this, skip POST requests in
self-referential URL checks.

Note that this only checks whether the current request is a POST, not
whether the ancestor frames were also loaded via POSTs.  The only case
where the latter would matter is if we've got two ancestors frames at
a same URL, with one or both of them loaded via POST, and the current
frame is loading that same URL via GET, which seems very unlikely to
happen in practice.

BUG=710008
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2814413003
Cr-Commit-Position: refs/heads/master@{#464556}
(cherry picked from commit e49d7dfd68361fcdd6b83bb696fc475276afae8f)

Review-Url: https://codereview.chromium.org/2815423003 .
Cr-Commit-Position: refs/branch-heads/3029@{#720}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}
Committed: https://chromium.googlesource.com/chromium/src/+/9302f10628d14eba1e0e8cf953813330b35f50c8

[alexmos, 2017-04-14 22:06:39]

Description was changed from

==========
Skip self-referential frame checks for POST requests (Merge to M58).

The improved self-referential frame blocking in r450728 broke sites
that rely on constructing frame hierarchies where frames are loaded
via POSTs with the same URLs.  To fix this, skip POST requests in
self-referential URL checks.

Note that this only checks whether the current request is a POST, not
whether the ancestor frames were also loaded via POSTs.  The only case
where the latter would matter is if we've got two ancestors frames at
a same URL, with one or both of them loaded via POST, and the current
frame is loading that same URL via GET, which seems very unlikely to
happen in practice.

BUG=710008
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2814413003
Cr-Commit-Position: refs/heads/master@{#464556}
(cherry picked from commit e49d7dfd68361fcdd6b83bb696fc475276afae8f)
==========

to

==========
Skip self-referential frame checks for POST requests (Merge to M58).

The improved self-referential frame blocking in r450728 broke sites
that rely on constructing frame hierarchies where frames are loaded
via POSTs with the same URLs.  To fix this, skip POST requests in
self-referential URL checks.

Note that this only checks whether the current request is a POST, not
whether the ancestor frames were also loaded via POSTs.  The only case
where the latter would matter is if we've got two ancestors frames at
a same URL, with one or both of them loaded via POST, and the current
frame is loading that same URL via GET, which seems very unlikely to
happen in practice.

BUG=710008
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2814413003
Cr-Commit-Position: refs/heads/master@{#464556}
(cherry picked from commit e49d7dfd68361fcdd6b83bb696fc475276afae8f)

Review-Url: https://codereview.chromium.org/2815423003 .
Cr-Commit-Position: refs/branch-heads/3029@{#720}
Cr-Branched-From:
939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}
Committed:
https://chromium.googlesource.com/chromium/src/+/9302f10628d14eba1e0e8cf95381...
==========

[alexmos, 2017-04-14 22:06:40]

Committed patchset #1 (id:1) manually as
9302f10628d14eba1e0e8cf953813330b35f50c8.