Revert of Block redirects to renderer-debug urls.

content/browser/frame_host/navigation_request.cc

Index: content/browser/frame_host/navigation_request.cc
diff --git a/content/browser/frame_host/navigation_request.cc b/content/browser/frame_host/navigation_request.cc
index 3f90b96a9bfa2540ce09c2d590b72af8599adbea..ba72304cea3d0d934f5d8ff0de3e8b4413035f01 100644
--- a/content/browser/frame_host/navigation_request.cc
+++ b/content/browser/frame_host/navigation_request.cc
@@ -37,7 +37,6 @@
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/stream_handle.h"
 #include "content/public/common/appcache_info.h"
-#include "content/public/common/child_process_host.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/origin_util.h"
 #include "content/public/common/request_context_type.h"
@@ -501,31 +500,6 @@
 void NavigationRequest::OnRequestRedirected(
     const net::RedirectInfo& redirect_info,
     const scoped_refptr<ResourceResponse>& response) {
-  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRedirectToURL(
-          redirect_info.new_url)) {
-    DVLOG(1) << "Denied redirect for "
-             << redirect_info.new_url.possibly_invalid_spec();
-    // TODO(arthursonzogni): Consider switching to net::ERR_UNSAFE_REDIRECT
-    // when PlzNavigate is launched.
-    navigation_handle_->set_net_error_code(net::ERR_ABORTED);
-    frame_tree_node_->ResetNavigationRequest(false, true);
-    return;
-  }
-
-  // For renderer-initiated navigations we need to check if the source has
-  // access to the URL. Browser-initiated navigations only rely on the
-  // |CanRedirectToURL| test above.
-  if (!browser_initiated_ && source_site_instance() &&
-      !ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(
-          source_site_instance()->GetProcess()->GetID(),
-          redirect_info.new_url)) {
-    DVLOG(1) << "Denied unauthorized redirect for "
-             << redirect_info.new_url.possibly_invalid_spec();
-    navigation_handle_->set_net_error_code(net::ERR_ABORTED);
-    frame_tree_node_->ResetNavigationRequest(false, true);
-    return;
-  }
-
   // If a redirect occurs, the original site instance we thought is the
   // destination could change.
   dest_site_instance_ = nullptr;
@@ -562,6 +536,21 @@
     // DO NOT ADD CODE after this. The previous call to OnRequestFailed has
     // destroyed the NavigationRequest.
     return;
+  }
+
+  // For non browser initiated navigations we need to check if the source has
+  // access to the URL. We always allow browser initiated requests.
+  // TODO(clamy): Kill the renderer if FilterURL fails?
+  GURL url = common_params_.url;
+  if (!browser_initiated_ && source_site_instance()) {
+    source_site_instance()->GetProcess()->FilterURL(false, &url);
+    // FilterURL sets the URL to about:blank if the CSP checks prevent the
+    // renderer from accessing it.
+    if ((url == url::kAboutBlankURL) && (url != common_params_.url)) {
+      navigation_handle_->set_net_error_code(net::ERR_ABORTED);
+      frame_tree_node_->ResetNavigationRequest(false, true);
+      return;
+    }
   }
 
   // Compute the SiteInstance to use for the redirect and pass its