Add flag to specify if explicitly requested download is from web.

chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h"
 
 #include "base/logging.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/download/download_request_limiter.h"
@@ skipping 159 matching lines @@
                                   resource_type,
                                   throttles);
 }
 
 void ChromeResourceDispatcherHostDelegate::DownloadStarting(
     net::URLRequest* request,
     content::ResourceContext* resource_context,
     int child_id,
     int route_id,
     int request_id,
-    bool is_new_request,
+    bool from_web,
     ScopedVector<content::ResourceThrottle>* throttles) {
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&NotifyDownloadInitiatedOnUI, child_id, route_id));
 
+  // If it's from the web, we don't trust it, so we push the throttle on.
+  if (from_web) {

[darin (slow to review), 2012/05/12 18:23:08]

elsewhere, we use "content-initiated" versus "browser-initiated" for things like
this.  maybe is_content_initiated would be better here?

[Randy Smith (Not in Mondays), 2012/05/12 19:56:37]

Done.

+    throttles->push_back(new DownloadResourceThrottle(
+        download_request_limiter_, child_id, route_id, request_id,
+        request->method()));
+  }
+
   // If this isn't a new request, we've seen this before and added the safe

[darin (slow to review), 2012/05/12 18:23:08]

nit: this comment should be changed to say "and added the [standard resource
throttles] already..."

[Randy Smith (Not in Mondays), 2012/05/12 19:56:37]

Done.

-  // browsing resource throttle already so no need to add it again. This code
-  // path is only hit for requests initiated through the browser, and not the
-  // web, so no need to add the download throttle.
-  if (is_new_request) {
+  // browsing resource throttle already so no need to add it again.
+  if (!request->is_pending()) {

[darin (slow to review), 2012/05/12 18:23:08]

Definitely OK to make this change.  I had this on my list of changes to make
too.  (I actually foresee a lot more cleanup to the
ResourceDispatcherHostDelegate methods.)

[Randy Smith (Not in Mondays), 2012/05/12 19:56:37]

Done.

     AppendStandardResourceThrottles(request,
                                     resource_context,
                                     child_id,
                                     route_id,
                                     ResourceType::MAIN_FRAME,
                                     throttles);
-  } else {
-    throttles->push_back(new DownloadResourceThrottle(
-        download_request_limiter_, child_id, route_id, request_id,
-        request->method()));
   }
 }
 
 bool ChromeResourceDispatcherHostDelegate::AcceptSSLClientCertificateRequest(
     net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info) {
   if (request->load_flags() & net::LOAD_PREFETCH)
     return false;
 
   ChromeURLRequestUserData* user_data = ChromeURLRequestUserData::Get(request);
   if (user_data && user_data->is_prerender()) {
@@ skipping 126 matching lines @@
 #if defined(ENABLE_ONE_CLICK_SIGNIN)
   const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
 
   // See if the response contains the Google-Accounts-SignIn header.  If so,
   // then the user has just finished signing in, and the server is allowing the
   // browser to suggest connecting the user's profile to the account.
   OneClickSigninHelper::ShowInfoBarIfPossible(request, info->GetChildID(),
                                               info->GetRouteID());
 #endif
 }