PlzNavigate: Fixes ChromeOS navigation to google drive files.

content/browser/frame_host/render_frame_host_impl.cc

Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index cd3a864d50d0e1a705539d3bfec517dfd39ce22b..600bc3290107a7b6f145e5c38eedfe3331a7f7a6 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -3590,6 +3590,14 @@ void RenderFrameHostImpl::UpdatePermissionsForNavigation(
   if (!GetProcess()->IsForGuestsOnly()) {
     ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
         GetProcess()->GetID(), common_params.url);
+    // PlzNavigate: The browser have already navigated and some redirects may
+    // have occurred. Since https://crrev.com/2653953005, the navigation to the
+    // original url and all the redirects will be replayed in the renderer.
+    // That's why the access to the full chain of redirects must be granted.
+    // To be careful, only the access to the original one is granted for the
+    // moment as it solves https://crbug.com/717644.
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
+        GetProcess()->GetID(), request_params.original_url);

[Charlie Reis, 2017/05/24 22:58:01]

Nick and I have some concerns about this.  The original_url is the URL before
all the redirects.  In the case of cross-site redirects that end up in a
different process than the original URL would have used, we should not be
granting access to the original URL to the new process.

(This may also be a way for a compromised renderer to sneak things into
GrantRequestURL if we don't have as many security checks on original_url as we
do on url.)

     if (common_params.url.SchemeIs(url::kDataScheme) &&
         !common_params.base_url_for_data_url.is_empty()) {
       // When there's a base URL specified for the data URL, we also need to