Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(47)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/render_frame_host_manager.cc

Issue 2845223002: Fix transfers for data URLs with plugin mime types. (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/FlagExpectations/site-per-process » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/render_frame_host_manager.cc
diff --git a/content/browser/frame_host/render_frame_host_manager.cc b/content/browser/frame_host/render_frame_host_manager.cc
index 120595fdc6b3502fbafe42db51e4a9b992e8c1f9..1bbf60fac4e17546ff7a3d4a888a3c22bd468fc4 100644
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -2327,6 +2327,13 @@ RenderFrameHostImpl* RenderFrameHostManager::UpdateStateForNavigate(
dest_url, source_instance, dest_instance, nullptr, transition,
dest_is_restore, dest_is_view_source_mode, was_server_redirect);
+ // Note: Do not add code here to determine whether the subframe should swap
+ // or not. Add it to CanSubframeSwapProcess instead.
+ bool allowed_to_swap_process =
+ frame_tree_node_->IsMainFrame() ||
+ CanSubframeSwapProcess(dest_url, source_instance, dest_instance,
+ was_server_redirect);
+
// Inform the transferring NavigationHandle of a transfer to a different
// SiteInstance. It is important do so now, in order to mark the request as
// transferring on the IO thread before attempting to destroy the pending RFH.
@@ -2334,11 +2341,22 @@ RenderFrameHostImpl* RenderFrameHostManager::UpdateStateForNavigate(
// RFH but will persist until it is picked up by the new RFH.
if (transfer_navigation_handle_.get() &&
transfer_navigation_handle_->GetGlobalRequestID() ==
- transferred_request_id &&
- new_instance.get() !=
- transfer_navigation_handle_->GetRenderFrameHost()
- ->GetSiteInstance()) {
- transfer_navigation_handle_->Transfer();
+ transferred_request_id) {
+ // The transfer is needed when switching to a new SiteInstance. One
+ // exception is if the process swap is not allowed and the transfer started
+ // in the current RFH, the navigation will stay in the current RFH (even
+ // when there is a new SiteInstance), so avoid calling Transfer() on it.
+ // This matters for some renderer-initiated data URLs navigations, see
+ // https://crbug.com/697513.
+ RenderFrameHostImpl* transferring_rfh =
+ transfer_navigation_handle_->GetRenderFrameHost();
+ bool transfer_started_from_current_rfh =
+ transferring_rfh == render_frame_host_.get();
+ bool should_transfer =
+ new_instance.get() != transferring_rfh->GetSiteInstance() &&
+ (!transfer_started_from_current_rfh || allowed_to_swap_process);
+ if (should_transfer)
+ transfer_navigation_handle_->Transfer();
}
// If we are currently navigating cross-process to a pending RFH for a
@@ -2355,13 +2373,6 @@ RenderFrameHostImpl* RenderFrameHostManager::UpdateStateForNavigate(
}
}
- // Note: Do not add code here to determine whether the subframe should swap
- // or not. Add it to CanSubframeSwapProcess instead.
- bool allowed_to_swap_process =
- frame_tree_node_->IsMainFrame() ||
- CanSubframeSwapProcess(dest_url, source_instance, dest_instance,
- was_server_redirect);
-
if (new_instance.get() != current_instance && allowed_to_swap_process) {
TRACE_EVENT_INSTANT2(
"navigation",
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/FlagExpectations/site-per-process » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698