Allow targeted links to work on tabs that have swapped out processes.

content/renderer/render_view_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_view_impl.h"
 
 #include <algorithm>
 #include <cmath>
 #include <string>
 #include <vector>
@@ skipping 2225 matching lines @@
                                      suggested_name));
   } else {
     OpenURL(frame, request.url(),
             Referrer(referrer, GetReferrerPolicyFromRequest(request)), policy);
   }
 }
 
 WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
     WebFrame* frame, const WebURLRequest& request, WebNavigationType type,
     const WebNode&, WebNavigationPolicy default_policy, bool is_redirect) {
-  // TODO(creis): Remove this when we fix OnSwapOut to not need a navigation.
+  Referrer referrer(
+      GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
+      GetReferrerPolicyFromRequest(request));
+
   if (is_swapped_out_) {
-    // It is possible for in-progress navigations to arrive here just after we
-    // are swapped out, including iframes.  We should cancel them.
-    if (request.url() != GURL(chrome::kSwappedOutURL))
+    if (request.url() != GURL(chrome::kSwappedOutURL)) {
+      // Targeted links may try to navigate a swapped out frame.  Allow the
+      // browser process to navigate the tab instead.  Note that it is also
+      // possible for non-targeted navigations (from this view) to arrive
+      // here just after we are swapped out.  It's ok to send them to the
+      // browser, as long as they're for the top level frame.
+      if (frame->parent() == NULL) {
+        OpenURL(frame, request.url(), referrer, default_policy);

[darin (slow to review), 2012/03/22 17:23:39]

so if this is a POST request, then it will become a GET request.  are we OK with
that?  i'm guessing we aren't.

[Charlie Reis, 2012/03/22 18:04:06]

That's a fair point.  It seems better to convert targeted form posts to GETs for
now than to drop them on the floor, but it's something we should be able to
support when we fix cross-process POST submissions.   I'll add a TODO pointing
to http://crbug.com/101395.

+        return WebKit::WebNavigationPolicyIgnore;  // Suppress the load here.
+      }
+
+      // We should otherwise ignore in-process iframe navigations, if they
+      // arrive just after we are swapped out.
       return WebKit::WebNavigationPolicyIgnore;
+    }
 
     // Allow chrome::kSwappedOutURL to complete.
     return default_policy;
   }
 
   // Webkit is asking whether to navigate to a new URL.
   // This is fine normally, except if we're showing UI from one security
   // context and they're trying to navigate to a different context.
   const GURL& url = request.url();
 
   // A content initiated navigation may have originated from a link-click,
   // script, drag-n-drop operation, etc.
   bool is_content_initiated =
       DocumentState::FromDataSource(frame->provisionalDataSource())->
           navigation_state()->is_content_initiated();
 
   // Experimental:
   // If --enable-strict-site-isolation is enabled, send all top-level
   // navigations to the browser to let it swap processes when crossing site
   // boundaries.  This is currently expected to break some script calls and
   // navigations, such as form submissions.
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kEnableStrictSiteIsolation) &&
       !frame->parent() && (is_content_initiated || is_redirect)) {
     WebString origin_str = frame->document().securityOrigin().toString();
     GURL frame_url(origin_str.utf8().data());
     // TODO(cevans): revisit whether this origin check is still necessary once
     // crbug.com/101395 is fixed.
     if (frame_url.GetOrigin() != url.GetOrigin()) {
-      Referrer referrer(
-          GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
-          GetReferrerPolicyFromRequest(request));
       OpenURL(frame, url, referrer, default_policy);
       return WebKit::WebNavigationPolicyIgnore;
     }
   }
 
   // If the browser is interested, then give it a chance to look at top level
   // navigations.
   if (is_content_initiated) {
     bool browser_handles_top_level_requests =
         renderer_preferences_.browser_handles_top_level_requests &&
         IsNonLocalTopLevelNavigation(url, frame, type);
     if (browser_handles_top_level_requests ||
         renderer_preferences_.browser_handles_all_requests) {
-      Referrer referrer(
-          GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
-          GetReferrerPolicyFromRequest(request));
       // Reset these counters as the RenderView could be reused for the next
       // navigation.
       page_id_ = -1;
       last_page_id_sent_to_browser_ = -1;
       OpenURL(frame, url, referrer, default_policy);
       return WebKit::WebNavigationPolicyIgnore;  // Suppress the load here.
     }
   }
 
   // Detect when we're crossing a permission-based boundary (e.g. into or out of
@@ skipping 33 matching lines @@
       // with hosted apps and extensions than WebUI pages.  We will remove this
       // check when cross-process POST submissions are supported.
       if (request.httpMethod() == "GET") {
         bool is_initial_navigation = page_id_ == -1;
         should_fork = content::GetContentClient()->renderer()->ShouldFork(
             frame, url, is_initial_navigation, &send_referrer);
       }
     }
 
     if (should_fork) {
-      Referrer referrer(
-          GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
-          GetReferrerPolicyFromRequest(request));
       OpenURL(
           frame, url, send_referrer ? referrer : Referrer(), default_policy);
       return WebKit::WebNavigationPolicyIgnore;  // Suppress the load here.
     }
   }
 
   // Use the frame's original request's URL rather than the document's URL for
   // this check.  For a popup, the document's URL may become the opener window's
   // URL if the opener has called document.write.  See http://crbug.com/93517.
   GURL old_url(frame->dataSource()->request().url());
@@ skipping 2828 matching lines @@
 bool RenderViewImpl::WebWidgetHandlesCompositorScheduling() const {
   return !!RenderThreadImpl::current()->compositor_thread();
 }
 
 void RenderViewImpl::OnJavaBridgeInit() {
   DCHECK(!java_bridge_dispatcher_.get());
 #if defined(ENABLE_JAVA_BRIDGE)
   java_bridge_dispatcher_.reset(new JavaBridgeDispatcher(this));
 #endif
 }