blob: d398c2e6c154a024dbcabb968233d5c5c332a3ec [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/renderer_host/render_frame_host_impl.h"
#include <algorithm>
#include <memory>
#include <unordered_map>
#include <utility>
#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/containers/queue.h"
#include "base/debug/alias.h"
#include "base/debug/crash_logging.h"
#include "base/debug/dump_without_crashing.h"
#include "base/i18n/character_encoding.h"
#include "base/lazy_instance.h"
#include "base/memory/ptr_util.h"
#include "base/memory/ref_counted.h"
#include "base/metrics/field_trial_params.h"
#include "base/metrics/histogram_functions.h"
#include "base/metrics/histogram_macros.h"
#include "base/metrics/metrics_hashes.h"
#include "base/metrics/user_metrics.h"
#include "base/no_destructor.h"
#include "base/numerics/safe_conversions.h"
#include "base/process/kill.h"
#include "base/stl_util.h"
#include "base/task/current_thread.h"
#include "base/task/post_task.h"
#include "base/threading/thread_task_runner_handle.h"
#include "base/time/time.h"
#include "base/trace_event/trace_conversion_helper.h"
#include "base/trace_event/traced_value.h"
#include "build/build_config.h"
#include "components/download/public/common/download_url_parameters.h"
#include "content/browser/about_url_loader_factory.h"
#include "content/browser/accessibility/browser_accessibility_manager.h"
#include "content/browser/accessibility/browser_accessibility_state_impl.h"
#include "content/browser/appcache/appcache_navigation_handle.h"
#include "content/browser/bad_message.h"
#include "content/browser/bluetooth/web_bluetooth_service_impl.h"
#include "content/browser/browser_main_loop.h"
#include "content/browser/child_process_security_policy_impl.h"
#include "content/browser/contacts/contacts_manager_impl.h"
#include "content/browser/data_url_loader_factory.h"
#include "content/browser/devtools/devtools_instrumentation.h"
#include "content/browser/devtools/protocol/audits.h"
#include "content/browser/dom_storage/dom_storage_context_wrapper.h"
#include "content/browser/download/data_url_blob_reader.h"
#include "content/browser/download/mhtml_generation_manager.h"
#include "content/browser/file_system/file_system_manager_impl.h"
#include "content/browser/file_system/file_system_url_loader_factory.h"
#include "content/browser/generic_sensor/sensor_provider_proxy_impl.h"
#include "content/browser/geolocation/geolocation_service_impl.h"
#include "content/browser/gpu/gpu_data_manager_impl.h"
#include "content/browser/idle/idle_manager_impl.h"
#include "content/browser/installedapp/installed_app_provider_impl.h"
#include "content/browser/loader/file_url_loader_factory.h"
#include "content/browser/loader/navigation_url_loader_impl.h"
#include "content/browser/loader/prefetch_url_loader_service.h"
#include "content/browser/log_console_message.h"
#include "content/browser/manifest/manifest_manager_host.h"
#include "content/browser/media/capture/audio_mirroring_manager.h"
#include "content/browser/media/media_interface_proxy.h"
#include "content/browser/media/webaudio/audio_context_manager_impl.h"
#include "content/browser/native_file_system/native_file_system_manager_impl.h"
#include "content/browser/navigation_subresource_loader_params.h"
#include "content/browser/net/cross_origin_embedder_policy_reporter.h"
#include "content/browser/net/cross_origin_opener_policy_reporter.h"
#include "content/browser/payments/payment_app_context_impl.h"
#include "content/browser/permissions/permission_controller_impl.h"
#include "content/browser/permissions/permission_service_context.h"
#include "content/browser/permissions/permission_service_impl.h"
#include "content/browser/portal/portal.h"
#include "content/browser/presentation/presentation_service_impl.h"
#include "content/browser/push_messaging/push_messaging_manager.h"
#include "content/browser/renderer_host/agent_scheduling_group_host.h"
#include "content/browser/renderer_host/back_forward_cache_impl.h"
#include "content/browser/renderer_host/cookie_utils.h"
#include "content/browser/renderer_host/cross_process_frame_connector.h"
#include "content/browser/renderer_host/debug_urls.h"
#include "content/browser/renderer_host/dip_util.h"
#include "content/browser/renderer_host/frame_tree.h"
#include "content/browser/renderer_host/frame_tree_node.h"
#include "content/browser/renderer_host/input/input_injector_impl.h"
#include "content/browser/renderer_host/input/input_router.h"
#include "content/browser/renderer_host/input/timeout_monitor.h"
#include "content/browser/renderer_host/ipc_utils.h"
#include "content/browser/renderer_host/keep_alive_handle_factory.h"
#include "content/browser/renderer_host/navigation_controller_impl.h"
#include "content/browser/renderer_host/navigation_entry_impl.h"
#include "content/browser/renderer_host/navigation_request.h"
#include "content/browser/renderer_host/navigator.h"
#include "content/browser/renderer_host/page_lifecycle_state_manager.h"
#include "content/browser/renderer_host/render_frame_host_delegate.h"
#include "content/browser/renderer_host/render_frame_proxy_host.h"
#include "content/browser/renderer_host/render_process_host_impl.h"
#include "content/browser/renderer_host/render_view_host_delegate.h"
#include "content/browser/renderer_host/render_view_host_delegate_view.h"
#include "content/browser/renderer_host/render_view_host_impl.h"
#include "content/browser/renderer_host/render_widget_host_factory.h"
#include "content/browser/renderer_host/render_widget_host_impl.h"
#include "content/browser/renderer_host/render_widget_host_view_base.h"
#include "content/browser/renderer_host/render_widget_host_view_child_frame.h"
#include "content/browser/scoped_active_url.h"
#include "content/browser/screen_enumeration/screen_enumeration_impl.h"
#include "content/browser/service_worker/service_worker_container_host.h"
#include "content/browser/service_worker/service_worker_context_wrapper.h"
#include "content/browser/service_worker/service_worker_object_host.h"
#include "content/browser/sms/sms_service.h"
#include "content/browser/speech/speech_synthesis_impl.h"
#include "content/browser/storage_partition_impl.h"
#include "content/browser/url_loader_factory_params_helper.h"
#include "content/browser/web_package/prefetched_signed_exchange_cache.h"
#include "content/browser/web_package/web_bundle_handle.h"
#include "content/browser/web_package/web_bundle_handle_tracker.h"
#include "content/browser/web_package/web_bundle_navigation_info.h"
#include "content/browser/web_package/web_bundle_source.h"
#include "content/browser/webauth/authenticator_environment_impl.h"
#include "content/browser/webauth/authenticator_impl.h"
#include "content/browser/webauth/webauth_request_security_checker.h"
#include "content/browser/websockets/websocket_connector_impl.h"
#include "content/browser/webtransport/quic_transport_connector_impl.h"
#include "content/browser/webui/url_data_manager_backend.h"
#include "content/browser/webui/web_ui_controller_factory_registry.h"
#include "content/browser/webui/web_ui_url_loader_factory_internal.h"
#include "content/browser/worker_host/dedicated_worker_host_factory_impl.h"
#include "content/browser/worker_host/shared_worker_service_impl.h"
#include "content/common/associated_interfaces.mojom.h"
#include "content/common/content_constants_internal.h"
#include "content/common/content_navigation_policy.h"
#include "content/common/frame.mojom.h"
#include "content/common/frame_messages.h"
#include "content/common/inter_process_time_ticks_converter.h"
#include "content/common/navigation_params.h"
#include "content/common/navigation_params_mojom_traits.h"
#include "content/common/navigation_params_utils.h"
#include "content/common/render_message_filter.mojom.h"
#include "content/common/renderer.mojom.h"
#include "content/common/state_transitions.h"
#include "content/common/unfreezable_frame_messages.h"
#include "content/public/browser/ax_event_notification_details.h"
#include "content/public/browser/browser_accessibility_state.h"
#include "content/public/browser/browser_context.h"
#include "content/public/browser/browser_plugin_guest_manager.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/content_browser_client.h"
#include "content/public/browser/context_menu_params.h"
#include "content/public/browser/download_manager.h"
#include "content/public/browser/global_routing_id.h"
#include "content/public/browser/idle_manager.h"
#include "content/public/browser/media_player_watch_time.h"
#include "content/public/browser/network_service_instance.h"
#include "content/public/browser/permission_type.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_widget_host_view.h"
#include "content/public/browser/shared_cors_origin_access_list.h"
#include "content/public/browser/site_isolation_policy.h"
#include "content/public/browser/sms_fetcher.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/common/bindings_policy.h"
#include "content/public/common/content_client.h"
#include "content/public/common/content_constants.h"
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/isolated_world_ids.h"
#include "content/public/common/navigation_policy.h"
#include "content/public/common/network_service_util.h"
#include "content/public/common/origin_util.h"
#include "content/public/common/page_visibility_state.h"
#include "content/public/common/referrer_type_converters.h"
#include "content/public/common/service_names.mojom.h"
#include "content/public/common/three_d_api_types.h"
#include "content/public/common/url_constants.h"
#include "content/public/common/url_utils.h"
#include "device/gamepad/gamepad_monitor.h"
#include "media/audio/audio_manager.h"
#include "media/base/media_switches.h"
#include "media/base/user_input_monitor.h"
#include "media/learning/common/value.h"
#include "media/media_buildflags.h"
#include "media/mojo/mojom/remoting.mojom.h"
#include "media/mojo/services/video_decode_perf_history.h"
#include "mojo/public/cpp/bindings/message.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
#include "mojo/public/cpp/system/data_pipe.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/cookies/cookie_constants.h"
#include "services/device/public/cpp/device_features.h"
#include "services/device/public/mojom/sensor_provider.mojom.h"
#include "services/device/public/mojom/wake_lock.mojom.h"
#include "services/device/public/mojom/wake_lock_context.mojom.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/trust_token_operation_authorization.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
#include "services/network/public/cpp/wrapper_shared_url_loader_factory.h"
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/network/public/mojom/url_loader.mojom-shared.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
#include "services/service_manager/public/cpp/connector.h"
#include "services/service_manager/public/cpp/interface_provider.h"
#include "storage/browser/blob/blob_storage_context.h"
#include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
#include "third_party/blink/public/common/associated_interfaces/associated_interface_registry.h"
#include "third_party/blink/public/common/blob/blob_utils.h"
#include "third_party/blink/public/common/feature_policy/document_policy_features.h"
#include "third_party/blink/public/common/feature_policy/feature_policy.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/frame/frame_policy.h"
#include "third_party/blink/public/common/loader/resource_type_util.h"
#include "third_party/blink/public/common/messaging/transferable_message.h"
#include "third_party/blink/public/mojom/appcache/appcache.mojom.h"
#include "third_party/blink/public/mojom/bluetooth/web_bluetooth.mojom.h"
#include "third_party/blink/public/mojom/cache_storage/cache_storage.mojom.h"
#include "third_party/blink/public/mojom/choosers/file_chooser.mojom.h"
#include "third_party/blink/public/mojom/choosers/popup_menu.mojom.h"
#include "third_party/blink/public/mojom/frame/frame.mojom.h"
#include "third_party/blink/public/mojom/frame/frame_owner_properties.mojom.h"
#include "third_party/blink/public/mojom/frame/fullscreen.mojom.h"
#include "third_party/blink/public/mojom/frame/media_player_action.mojom.h"
#include "third_party/blink/public/mojom/frame/user_activation_update_types.mojom.h"
#include "third_party/blink/public/mojom/geolocation/geolocation_service.mojom.h"
#include "third_party/blink/public/mojom/loader/pause_subresource_loading_handle.mojom.h"
#include "third_party/blink/public/mojom/loader/resource_load_info.mojom.h"
#include "third_party/blink/public/mojom/loader/url_loader_factory_bundle.mojom.h"
#include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom.h"
#include "third_party/blink/public/mojom/service_worker/service_worker_object.mojom.h"
#include "third_party/blink/public/mojom/sms/sms_receiver.mojom.h"
#include "third_party/blink/public/mojom/timing/resource_timing.mojom.h"
#include "third_party/blink/public/mojom/usb/web_usb_service.mojom.h"
#include "third_party/blink/public/mojom/webauthn/virtual_authenticator.mojom.h"
#include "ui/accessibility/ax_tree.h"
#include "ui/accessibility/ax_tree_id_registry.h"
#include "ui/accessibility/ax_tree_update.h"
#include "ui/events/event_constants.h"
#include "ui/gfx/geometry/quad_f.h"
#include "url/gurl.h"
#include "url/origin.h"
#include "url/url_constants.h"
#if defined(OS_ANDROID)
#include "content/browser/android/content_url_loader_factory.h"
#include "content/browser/android/java_interfaces_impl.h"
#include "content/browser/renderer_host/render_frame_host_android.h"
#include "content/public/browser/android/java_interfaces.h"
#else
#include "content/browser/hid/hid_service.h"
#include "content/browser/host_zoom_map_impl.h"
#include "content/browser/serial/serial_service.h"
#endif
#if defined(OS_MAC)
#include "content/browser/renderer_host/popup_menu_helper_mac.h"
#endif
using base::TimeDelta;
namespace content {
struct RenderFrameHostOrProxy {
RenderFrameHostImpl* const frame;
RenderFrameProxyHost* const proxy;
RenderFrameHostOrProxy(RenderFrameHostImpl* frame,
RenderFrameProxyHost* proxy)
: frame(frame), proxy(proxy) {
DCHECK(!frame || !proxy)
<< "Both frame and proxy can't be non-null at the same time";
}
explicit operator bool() { return frame || proxy; }
FrameTreeNode* GetFrameTreeNode() {
if (frame)
return frame->frame_tree_node();
if (proxy)
return proxy->frame_tree_node();
return nullptr;
}
};
namespace {
#if defined(OS_ANDROID)
const void* const kRenderFrameHostAndroidKey = &kRenderFrameHostAndroidKey;
#endif // OS_ANDROID
// The next value to use for the accessibility reset token.
int g_next_accessibility_reset_token = 1;
// Whether to allow injecting javascript into any kind of frame, for Android
// WebView, WebLayer, Fuchsia web.ContextProvider and CastOS content shell.
bool g_allow_injecting_javascript = false;
typedef std::unordered_map<GlobalFrameRoutingId,
RenderFrameHostImpl*,
GlobalFrameRoutingIdHasher>
RoutingIDFrameMap;
base::LazyInstance<RoutingIDFrameMap>::DestructorAtExit g_routing_id_frame_map =
LAZY_INSTANCE_INITIALIZER;
using TokenFrameMap = std::unordered_map<base::UnguessableToken,
RenderFrameHostImpl*,
base::UnguessableTokenHash>;
base::LazyInstance<TokenFrameMap>::Leaky g_token_frame_map =
LAZY_INSTANCE_INITIALIZER;
// Returns true if |validated_params| represents a WebView loadDataWithBaseUrl
// navigation.
bool IsLoadDataWithBaseURL(
const FrameHostMsg_DidCommitProvisionalLoad_Params& validated_params) {
return NavigationRequest::IsLoadDataWithBaseURL(validated_params.url,
validated_params.base_url);
}
// Ensure that we reset nav_entry_id_ in DidCommitProvisionalLoad if any of
// the validations fail and lead to an early return. Call disable() once we
// know the commit will be successful. Resetting nav_entry_id_ avoids acting on
// any UpdateState or UpdateTitle messages after an ignored commit.
class ScopedCommitStateResetter {
public:
explicit ScopedCommitStateResetter(RenderFrameHostImpl* render_frame_host)
: render_frame_host_(render_frame_host), disabled_(false) {}
~ScopedCommitStateResetter() {
if (!disabled_) {
render_frame_host_->set_nav_entry_id(0);
}
}
void disable() { disabled_ = true; }
private:
RenderFrameHostImpl* render_frame_host_;
bool disabled_;
};
class ActiveURLMessageFilter : public mojo::MessageFilter {
public:
explicit ActiveURLMessageFilter(RenderFrameHostImpl* render_frame_host)
: render_frame_host_(render_frame_host) {}
~ActiveURLMessageFilter() override {
if (debug_url_set_) {
GetContentClient()->SetActiveURL(GURL(), "");
}
}
// mojo::MessageFilter overrides.
bool WillDispatch(mojo::Message* message) override {
debug_url_set_ = true;
auto* frame_tree_node = render_frame_host_->frame_tree_node();
GetContentClient()->SetActiveURL(frame_tree_node->current_url(),
frame_tree_node->frame_tree()
->root()
->current_origin()
.GetDebugString());
return true;
}
void DidDispatchOrReject(mojo::Message* message, bool accepted) override {
GetContentClient()->SetActiveURL(GURL(), "");
debug_url_set_ = false;
}
private:
RenderFrameHostImpl* render_frame_host_;
bool debug_url_set_ = false;
};
// This class can be added as a MessageFilter to a mojo receiver to detect
// messages received while the the associated frame is in the Back-Forward
// Cache. Documents that are in the bfcache should not be sending mojo messages
// back to the browser.
class BackForwardCacheMessageFilter : public mojo::MessageFilter {
public:
explicit BackForwardCacheMessageFilter(
RenderFrameHostImpl* render_frame_host,
const char* interface_name,
BackForwardCacheImpl::MessageHandlingPolicyWhenCached policy)
: render_frame_host_(render_frame_host),
interface_name_(interface_name),
policy_(policy) {}
~BackForwardCacheMessageFilter() override = default;
private:
// mojo::MessageFilter overrides.
bool WillDispatch(mojo::Message* message) override {
if (!IsFrameInBackForwardCache() || ProcessHoldsNonCachedPages() ||
policy_ == BackForwardCacheImpl::kMessagePolicyNone) {
return true;
}
DLOG(ERROR) << "Received message " << message->name() << " on interface "
<< interface_name_ << " from frame in bfcache.";
TRACE_EVENT2(
"content", "BackForwardCacheMessageFilter::WillDispatch bad_message",
"interface_name", interface_name_, "message_name", message->name());
base::UmaHistogramSparse(
"BackForwardCache.UnexpectedRendererToBrowserMessage.InterfaceName",
static_cast<int32_t>(base::HashMetricName(interface_name_)));
switch (policy_) {
case BackForwardCacheImpl::kMessagePolicyNone:
case BackForwardCacheImpl::kMessagePolicyLog:
return true;
case BackForwardCacheImpl::kMessagePolicyDump:
base::debug::DumpWithoutCrashing();
return true;
}
}
void DidDispatchOrReject(mojo::Message* message, bool accepted) override {}
// Returns true if both the renderer and the browser think the frame is in the
// bfcache. That is the PageLifecycleState is in sync with regards to bfcache.
// In the intermediate states (no ACK received yet) messages must be allowed.
bool IsFrameInBackForwardCache() {
PageLifecycleStateManager* mgr =
render_frame_host_->render_view_host()->GetPageLifecycleStateManager();
return mgr->last_acknowledged_state().is_in_back_forward_cache &&
mgr->last_state_sent_to_renderer().is_in_back_forward_cache;
}
// TODO(https://crbug.com/1125996): Remove once a well-behaved frozen
// RenderFrame never send IPCs messages, even if there are active pages in the
// process.
bool ProcessHoldsNonCachedPages() {
return RenderViewHostImpl::HasNonBackForwardCachedInstancesForProcess(
render_frame_host_->GetProcess());
}
RenderFrameHostImpl* const render_frame_host_;
const char* const interface_name_;
const BackForwardCacheImpl::MessageHandlingPolicyWhenCached policy_;
};
// This class is used to chain multiple mojo::MessageFilter. Messages will be
// processed by the filters in the same order as the filters are added with the
// Add() method. WillDispatch() might not be called for all filters or might see
// a modified message if a filter earlier in the chain discards or modifies it.
// Similarly a given filter instance might not receive a DidDispatchOrReject()
// call even if WillDispatch() was called if a filter further down the chain
// discarded it. Long story short, the order in which filters are added is
// important!
class MessageFilterChain : public mojo::MessageFilter {
public:
MessageFilterChain() = default;
~MessageFilterChain() final = default;
bool WillDispatch(mojo::Message* message) override {
for (auto& filter : filters_) {
if (!filter->WillDispatch(message))
return false;
}
return true;
}
void DidDispatchOrReject(mojo::Message* message, bool accepted) override {
for (auto& filter : filters_) {
filter->DidDispatchOrReject(message, accepted);
}
}
// Adds a filter to the end of the chain. See class description for ordering
// implications.
void Add(std::unique_ptr<mojo::MessageFilter> filter) {
filters_.push_back(std::move(filter));
}
private:
std::vector<std::unique_ptr<mojo::MessageFilter>> filters_;
};
std::unique_ptr<mojo::MessageFilter>
CreateMessageFilterForAssociatedReceiverImpl(
RenderFrameHostImpl* render_frame_host,
const char* interface_name,
BackForwardCacheImpl::MessageHandlingPolicyWhenCached policy) {
auto filter_chain = std::make_unique<MessageFilterChain>();
filter_chain->Add(std::make_unique<BackForwardCacheMessageFilter>(
render_frame_host, interface_name, policy));
// BackForwardCacheMessageFilter might drop messages so add
// ActiveURLMessageFilter at the end of the chain as we need to make sure that
// the debug url is reset, that is, DidDispatchOrReject() is called if
// WillDispatch().
filter_chain->Add(
std::make_unique<ActiveURLMessageFilter>(render_frame_host));
return filter_chain;
}
void GrantFileAccess(int child_id,
const std::vector<base::FilePath>& file_paths) {
ChildProcessSecurityPolicyImpl* policy =
ChildProcessSecurityPolicyImpl::GetInstance();
for (const auto& file : file_paths) {
if (!policy->CanReadFile(child_id, file))
policy->GrantReadFile(child_id, file);
}
}
#if BUILDFLAG(ENABLE_MEDIA_REMOTING)
// RemoterFactory that delegates Create() calls to the ContentBrowserClient.
//
// Since Create() could be called at any time, perhaps by a stray task being run
// after a RenderFrameHost has been destroyed, the RemoterFactoryImpl uses the
// process/routing IDs as a weak reference to the RenderFrameHostImpl.
class RemoterFactoryImpl final : public media::mojom::RemoterFactory {
public:
RemoterFactoryImpl(int process_id, int routing_id)
: process_id_(process_id), routing_id_(routing_id) {}
private:
void Create(mojo::PendingRemote<media::mojom::RemotingSource> source,
mojo::PendingReceiver<media::mojom::Remoter> receiver) final {
if (auto* host = RenderFrameHostImpl::FromID(process_id_, routing_id_)) {
GetContentClient()->browser()->CreateMediaRemoter(host, std::move(source),
std::move(receiver));
}
}
const int process_id_;
const int routing_id_;
DISALLOW_COPY_AND_ASSIGN(RemoterFactoryImpl);
};
#endif // BUILDFLAG(ENABLE_MEDIA_REMOTING)
using FrameCallback = base::RepeatingCallback<void(RenderFrameHostImpl*)>;
void ForEachFrame(RenderFrameHostImpl* root_frame_host,
const FrameCallback& frame_callback) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
FrameTree* frame_tree = root_frame_host->frame_tree();
DCHECK_EQ(root_frame_host, frame_tree->GetMainFrame());
for (FrameTreeNode* node : frame_tree->Nodes()) {
RenderFrameHostImpl* frame_host = node->current_frame_host();
RenderFrameHostImpl* pending_frame_host =
node->render_manager()->speculative_frame_host();
if (frame_host)
frame_callback.Run(frame_host);
if (pending_frame_host)
frame_callback.Run(pending_frame_host);
}
}
RenderFrameHostOrProxy LookupRenderFrameHostOrProxy(int process_id,
int routing_id) {
RenderFrameHostImpl* rfh =
RenderFrameHostImpl::FromID(process_id, routing_id);
RenderFrameProxyHost* proxy = nullptr;
if (!rfh)
proxy = RenderFrameProxyHost::FromID(process_id, routing_id);
return RenderFrameHostOrProxy(rfh, proxy);
}
RenderFrameHostOrProxy LookupRenderFrameHostOrProxy(
int process_id,
const base::UnguessableToken& frame_token) {
auto it = g_token_frame_map.Get().find(frame_token);
RenderFrameHostImpl* rfh = nullptr;
RenderFrameProxyHost* proxy = nullptr;
if (it != g_token_frame_map.Get().end()) {
// The check against |process_id| isn't strictly necessary, but represents
// an extra level of protection against a renderer trying to force a frame
// token.
rfh =
process_id == it->second->GetProcess()->GetID() ? it->second : nullptr;
} else {
proxy = RenderFrameProxyHost::FromFrameToken(process_id, frame_token);
}
return RenderFrameHostOrProxy(rfh, proxy);
}
// Takes the lower 31 bits of the metric-name-hash of a Mojo interface |name|.
base::Histogram::Sample HashInterfaceNameToHistogramSample(
base::StringPiece name) {
return base::strict_cast<base::Histogram::Sample>(
static_cast<int32_t>(base::HashMetricName(name) & 0x7fffffffull));
}
// Set crash keys that will help understand the circumstances of a renderer
// kill. Note that the commit URL is already reported in a crash key, and
// additional keys are logged in RenderProcessHostImpl::ShutdownForBadMessage.
void LogRendererKillCrashKeys(const SiteInfo& site_info) {
static auto* site_info_key = base::debug::AllocateCrashKeyString(
"current_site_info", base::debug::CrashKeySize::Size256);
base::debug::SetCrashKeyString(site_info_key, site_info.GetDebugString());
}
void LogCanCommitOriginAndUrlFailureReason(const std::string& failure_reason) {
static auto* failure_reason_key = base::debug::AllocateCrashKeyString(
"rfhi_can_commit_failure_reason", base::debug::CrashKeySize::Size64);
base::debug::SetCrashKeyString(failure_reason_key, failure_reason);
}
std::unique_ptr<blink::PendingURLLoaderFactoryBundle> CloneFactoryBundle(
scoped_refptr<blink::URLLoaderFactoryBundle> bundle) {
return base::WrapUnique(static_cast<blink::PendingURLLoaderFactoryBundle*>(
bundle->Clone().release()));
}
// Helper method to download a URL on UI thread.
void StartDownload(
std::unique_ptr<download::DownloadUrlParameters> parameters,
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
RenderProcessHost* render_process_host =
RenderProcessHost::FromID(parameters->render_process_host_id());
if (!render_process_host)
return;
BrowserContext* browser_context = render_process_host->GetBrowserContext();
DownloadManager* download_manager =
BrowserContext::GetDownloadManager(browser_context);
parameters->set_download_source(download::DownloadSource::FROM_RENDERER);
download_manager->DownloadUrl(std::move(parameters),
std::move(blob_url_loader_factory));
}
// Called on the UI thread when the data URL in the BlobDataHandle
// is read.
void OnDataURLRetrieved(
std::unique_ptr<download::DownloadUrlParameters> parameters,
GURL data_url) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
if (!data_url.is_valid())
return;
parameters->set_url(std::move(data_url));
StartDownload(std::move(parameters), nullptr);
}
void RecordCrossOriginIsolationMetrics(RenderFrameHostImpl* rfh) {
ContentBrowserClient* client = GetContentClient()->browser();
if (rfh->cross_origin_opener_policy().value ==
network::mojom::CrossOriginOpenerPolicyValue::kSameOrigin) {
client->LogWebFeatureForCurrentPage(
rfh, blink::mojom::WebFeature::kCrossOriginOpenerPolicySameOrigin);
}
if (rfh->cross_origin_opener_policy().value ==
network::mojom::CrossOriginOpenerPolicyValue::kSameOriginAllowPopups) {
client->LogWebFeatureForCurrentPage(
rfh, blink::mojom::WebFeature::
kCrossOriginOpenerPolicySameOriginAllowPopups);
}
if (rfh->cross_origin_embedder_policy().value ==
network::mojom::CrossOriginEmbedderPolicyValue::kRequireCorp) {
client->LogWebFeatureForCurrentPage(
rfh, blink::mojom::WebFeature::kCrossOriginEmbedderPolicyRequireCorp);
}
if (rfh->cross_origin_opener_policy().value ==
network::mojom::CrossOriginOpenerPolicyValue::kSameOriginPlusCoep) {
client->LogWebFeatureForCurrentPage(
rfh, blink::mojom::WebFeature::kCoopAndCoepIsolated);
}
if (rfh->coop_reporter()) {
client->LogWebFeatureForCurrentPage(
rfh, blink::mojom::WebFeature::kCrossOriginOpenerPolicyReporting);
}
}
// Subframe navigations can optionally have associated Trust Tokens operations
// (https://github.com/wicg/trust-token-api). If the operation's type is
// "redemption" or "signing" (as opposed to "issuance"), the parent's frame
// needs to have the trust-token-redemption Feature Policy feature enabled.
bool ParentNeedsTrustTokenFeaturePolicy(
const mojom::BeginNavigationParams& begin_params) {
if (!begin_params.trust_token_params)
return false;
return network::DoesTrustTokenOperationRequireFeaturePolicy(
begin_params.trust_token_params->type);
}
// Analyzes trusted sources of a frame's trust-token-redemption Feature Policy
// feature to see if the feature is definitely disabled or potentially enabled.
//
// This information will be bound to a URLLoaderFactory; if the answer is
// "definitely disabled," the network service will report a bad message if it
// receives a request from the renderer to execute a Trust Tokens redemption or
// signing operation in the frame.
//
// A return value of kForbid denotes that the feature is disabled for the
// frame. A return value of kPotentiallyPermit means that all trusted
// information sources say that the policy is enabled.
network::mojom::TrustTokenRedemptionPolicy
DetermineWhetherToForbidTrustTokenRedemption(
const RenderFrameHostImpl* parent,
const mojom::CommitNavigationParams& commit_params,
const url::Origin& subframe_origin) {
// For main frame loads, the frame's feature policy is determined entirely by
// response headers, which are provided by the renderer.
if (!parent || !commit_params.frame_policy)
return network::mojom::TrustTokenRedemptionPolicy::kPotentiallyPermit;
const blink::FeaturePolicy* parent_policy = parent->feature_policy();
blink::ParsedFeaturePolicy container_policy =
commit_params.frame_policy->container_policy;
auto subframe_policy = blink::FeaturePolicy::CreateFromParentPolicy(
parent_policy, container_policy, subframe_origin);
if (subframe_policy->IsFeatureEnabled(
blink::mojom::FeaturePolicyFeature::kTrustTokenRedemption)) {
return network::mojom::TrustTokenRedemptionPolicy::kPotentiallyPermit;
}
return network::mojom::TrustTokenRedemptionPolicy::kForbid;
}
// When a frame creates its initial subresource loaders, it needs to know
// whether the trust-token-redemption Feature Policy feature will be enabled
// after the commit finishes, which is a little involved (see
// DetermineWhetherToForbidTrustTokenRedemption). In contrast, if it needs to
// make this decision once the frame has committted---for instance, to create
// more loaders after the network service crashes---it can directly consult the
// current Feature Policy state to determine whether the feature is enabled.
network::mojom::TrustTokenRedemptionPolicy
DetermineAfterCommitWhetherToForbidTrustTokenRedemption(
RenderFrameHostImpl* impl) {
return impl->IsFeatureEnabled(
blink::mojom::FeaturePolicyFeature::kTrustTokenRedemption)
? network::mojom::TrustTokenRedemptionPolicy::kPotentiallyPermit
: network::mojom::TrustTokenRedemptionPolicy::kForbid;
}
// Returns the string corresponding to LifecycleState, used for logging crash
// keys.
const char* LifecycleStateToString(RenderFrameHostImpl::LifecycleState state) {
using LifecycleState = RenderFrameHostImpl::LifecycleState;
switch (state) {
case LifecycleState::kSpeculative:
return "Speculative";
case LifecycleState::kActive:
return "Active";
case LifecycleState::kInBackForwardCache:
return "InBackForwardCache";
case LifecycleState::kRunningUnloadHandlers:
return "RunningUnloadHandlers";
case LifecycleState::kReadyToBeDeleted:
return "ReadyToDeleted";
}
}
} // namespace
bool ShouldCreateNewHostForCrashedFrame() {
return GetRenderDocumentLevel() >= RenderDocumentLevel::kCrashedFrame;
}
class RenderFrameHostImpl::DroppedInterfaceRequestLogger
: public blink::mojom::BrowserInterfaceBroker {
public:
explicit DroppedInterfaceRequestLogger(
mojo::PendingReceiver<blink::mojom::BrowserInterfaceBroker> receiver) {
receiver_.Bind(std::move(receiver));
}
~DroppedInterfaceRequestLogger() override {
UMA_HISTOGRAM_EXACT_LINEAR("RenderFrameHostImpl.DroppedInterfaceRequests",
num_dropped_requests_, 20);
}
protected:
// blink::mojom::BrowserInterfaceBroker
void GetInterface(mojo::GenericPendingReceiver receiver) override {
++num_dropped_requests_;
auto interface_name = receiver.interface_name().value_or("");
base::UmaHistogramSparse(
"RenderFrameHostImpl.DroppedInterfaceRequestName",
HashInterfaceNameToHistogramSample(interface_name));
DLOG(WARNING)
<< "InterfaceRequest was dropped, the document is no longer active: "
<< interface_name;
}
private:
mojo::Receiver<blink::mojom::BrowserInterfaceBroker> receiver_{this};
int num_dropped_requests_ = 0;
DISALLOW_COPY_AND_ASSIGN(DroppedInterfaceRequestLogger);
};
struct PendingNavigation {
mojom::CommonNavigationParamsPtr common_params;
mojom::BeginNavigationParamsPtr begin_navigation_params;
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory;
mojo::PendingAssociatedRemote<mojom::NavigationClient> navigation_client;
mojo::PendingRemote<blink::mojom::NavigationInitiator> navigation_initiator;
PendingNavigation(
mojom::CommonNavigationParamsPtr common_params,
mojom::BeginNavigationParamsPtr begin_navigation_params,
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory,
mojo::PendingAssociatedRemote<mojom::NavigationClient> navigation_client,
mojo::PendingRemote<blink::mojom::NavigationInitiator>
navigation_initiator);
};
PendingNavigation::PendingNavigation(
mojom::CommonNavigationParamsPtr common_params,
mojom::BeginNavigationParamsPtr begin_navigation_params,
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory,
mojo::PendingAssociatedRemote<mojom::NavigationClient> navigation_client,
mojo::PendingRemote<blink::mojom::NavigationInitiator> navigation_initiator)
: common_params(std::move(common_params)),
begin_navigation_params(std::move(begin_navigation_params)),
blob_url_loader_factory(std::move(blob_url_loader_factory)),
navigation_client(std::move(navigation_client)),
navigation_initiator(std::move(navigation_initiator)) {}
// static
RenderFrameHost* RenderFrameHost::FromID(GlobalFrameRoutingId id) {
return RenderFrameHostImpl::FromID(id);
}
// static
RenderFrameHost* RenderFrameHost::FromID(int render_process_id,
int render_frame_id) {
return RenderFrameHostImpl::FromID(
GlobalFrameRoutingId(render_process_id, render_frame_id));
}
// static
void RenderFrameHost::AllowInjectingJavaScript() {
g_allow_injecting_javascript = true;
}
// static
RenderFrameHostImpl* RenderFrameHostImpl::FromID(GlobalFrameRoutingId id) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
RoutingIDFrameMap* frames = g_routing_id_frame_map.Pointer();
auto it = frames->find(id);
return it == frames->end() ? nullptr : it->second;
}
// static
RenderFrameHostImpl* RenderFrameHostImpl::FromID(int render_process_id,
int render_frame_id) {
return RenderFrameHostImpl::FromID(
GlobalFrameRoutingId(render_process_id, render_frame_id));
}
// static
RenderFrameHostImpl* RenderFrameHostImpl::FromFrameToken(
int process_id,
const base::UnguessableToken& frame_token) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
auto it = g_token_frame_map.Get().find(frame_token);
if (it == g_token_frame_map.Get().end())
return nullptr;
// TODO(tonikitoo): Consider killing the renderer when this happens
if (it->second->GetProcess()->GetID() != process_id)
return nullptr;
return it->second;
}
// static
RenderFrameHost* RenderFrameHost::FromAXTreeID(ui::AXTreeID ax_tree_id) {
return RenderFrameHostImpl::FromAXTreeID(ax_tree_id);
}
// static
RenderFrameHostImpl* RenderFrameHostImpl::FromAXTreeID(
ui::AXTreeID ax_tree_id) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
ui::AXTreeIDRegistry::FrameID frame_id =
ui::AXTreeIDRegistry::GetInstance()->GetFrameID(ax_tree_id);
return RenderFrameHostImpl::FromID(frame_id.first, frame_id.second);
}
// static
RenderFrameHostImpl* RenderFrameHostImpl::FromOverlayRoutingToken(
const base::UnguessableToken& token) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
auto it = g_token_frame_map.Get().find(token);
return it == g_token_frame_map.Get().end() ? nullptr : it->second;
}
// static
void RenderFrameHostImpl::ClearAllPrefetchedSignedExchangeCache() {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
RoutingIDFrameMap* frames = g_routing_id_frame_map.Pointer();
for (auto it : *frames)
it.second->ClearPrefetchedSignedExchangeCache();
}
RenderFrameHostImpl::RenderFrameHostImpl(
SiteInstance* site_instance,
scoped_refptr<RenderViewHostImpl> render_view_host,
RenderFrameHostDelegate* delegate,
FrameTree* frame_tree,
FrameTreeNode* frame_tree_node,
int32_t routing_id,
const base::UnguessableToken& frame_token,
bool renderer_initiated_creation,
LifecycleState lifecycle_state)
: render_view_host_(std::move(render_view_host)),
delegate_(delegate),
site_instance_(static_cast<SiteInstanceImpl*>(site_instance)),
agent_scheduling_group_(site_instance_->GetAgentSchedulingGroup()),
frame_tree_(frame_tree),
frame_tree_node_(frame_tree_node),
parent_(frame_tree_node_->parent()),
routing_id_(routing_id),
is_waiting_for_unload_ack_(false),
render_frame_created_(false),
is_waiting_for_beforeunload_completion_(false),
beforeunload_dialog_request_cancels_unload_(false),
unload_ack_is_for_navigation_(false),
beforeunload_timeout_delay_(base::TimeDelta::FromMilliseconds(
RenderViewHostImpl::kUnloadTimeoutMS)),
was_discarded_(false),
is_loading_(false),
nav_entry_id_(0),
accessibility_reset_token_(0),
accessibility_reset_count_(0),
browser_plugin_embedder_ax_tree_id_(ui::AXTreeIDUnknown()),
no_create_browser_accessibility_manager_for_testing_(false),
web_ui_type_(WebUI::kNoWebUI),
has_selection_(false),
is_audible_(false),
should_virtual_keyboard_overlay_content_(false),
last_navigation_previews_state_(
blink::PreviewsTypes::PREVIEWS_UNSPECIFIED),
waiting_for_init_(renderer_initiated_creation),
has_focused_editable_element_(false),
push_messaging_manager_(
nullptr,
base::OnTaskRunnerDeleter(base::CreateSequencedTaskRunner(
{ServiceWorkerContext::GetCoreThreadId()}))),
active_sandbox_flags_(network::mojom::WebSandboxFlags::kNone),
frame_token_(frame_token),
keep_alive_timeout_(base::TimeDelta::FromSeconds(30)),
subframe_unload_timeout_(base::TimeDelta::FromMilliseconds(
RenderViewHostImpl::kUnloadTimeoutMS)),
commit_callback_interceptor_(nullptr),
media_device_id_salt_base_(
BrowserContext::CreateRandomMediaDeviceIDSalt()),
lifecycle_state_(lifecycle_state) {
DCHECK(delegate_);
DCHECK(lifecycle_state_ == LifecycleState::kSpeculative ||
lifecycle_state_ == LifecycleState::kActive);
agent_scheduling_group().AddRoute(routing_id_, this);
g_routing_id_frame_map.Get().emplace(
GlobalFrameRoutingId(GetProcess()->GetID(), routing_id_), this);
g_token_frame_map.Get().insert(std::make_pair(frame_token_, this));
site_instance_->AddObserver(this);
GetProcess()->AddObserver(this);
GetSiteInstance()->IncrementActiveFrameCount();
if (parent_) {
cross_origin_embedder_policy_ = parent_->cross_origin_embedder_policy();
// New child frames should inherit the nav_entry_id of their parent.
set_nav_entry_id(parent_->nav_entry_id());
}
SetUpMojoIfNeeded();
unload_event_monitor_timeout_ =
std::make_unique<TimeoutMonitor>(base::BindRepeating(
&RenderFrameHostImpl::OnUnloaded, weak_ptr_factory_.GetWeakPtr()));
beforeunload_timeout_ = std::make_unique<TimeoutMonitor>(
base::BindRepeating(&RenderFrameHostImpl::BeforeUnloadTimeout,
weak_ptr_factory_.GetWeakPtr()));
// Local roots are:
// - main frames; or
// - subframes in a different SiteInstance from their parent.
//
// Local roots require a RenderWidget for input/layout/painting.
if (!parent_ || IsCrossProcessSubframe()) {
if (!parent_) {
// For main frames, the RenderWidgetHost is owned by the RenderViewHost.
// TODO(https://crbug.com/545684): Once RenderViewHostImpl has-a
// RenderWidgetHostImpl, the main render frame should probably start
// owning the RenderWidgetHostImpl itself.
DCHECK(GetLocalRenderWidgetHost());
DCHECK(!GetLocalRenderWidgetHost()->owned_by_render_frame_host());
} else {
// For local child roots, the RenderFrameHost directly creates and owns
// its RenderWidgetHost.
int32_t widget_routing_id =
site_instance->GetProcess()->GetNextRoutingID();
DCHECK_EQ(nullptr, GetLocalRenderWidgetHost());
owned_render_widget_host_ = RenderWidgetHostFactory::Create(
frame_tree_->render_widget_delegate(), agent_scheduling_group_,
widget_routing_id, /*hidden=*/true);
owned_render_widget_host_->set_owned_by_render_frame_host(true);
#if defined(OS_ANDROID)
owned_render_widget_host_->SetForceEnableZoom(
delegate_->GetOrCreateWebPreferences().force_enable_zoom);
#endif // defined(OS_ANDROID)
}
if (is_main_frame())
GetLocalRenderWidgetHost()->SetIntersectsViewport(true);
GetLocalRenderWidgetHost()->SetFrameDepth(frame_tree_node_->depth());
GetLocalRenderWidgetHost()->input_router()->SetFrameTreeNodeId(
frame_tree_node_->frame_tree_node_id());
}
ResetFeaturePolicy();
// Content-Security-Policy: The CSP source 'self' is usually the origin of the
// current document, set by SetLastCommittedOrigin(). However, before a new
// frame commits its first navigation, 'self' should correspond to the origin
// of the parent (in case of a new iframe) or the opener (in case of a new
// window). This is necessary to correctly enforce CSP during the initial
// navigation.
FrameTreeNode* frame_owner =
frame_tree_node_->parent() ? frame_tree_node_->parent()->frame_tree_node()
: frame_tree_node_->opener();
if (frame_owner)
CSPContext::SetSelf(frame_owner->current_origin());
// New RenderFrameHostImpl are put in their own virtual browsing context
// group. Then, they can inherit from:
// 1) Their opener in RenderFrameHostImpl::CreateNewWindow().
// 2) Their navigation in RenderFrameHostImpl::DidCommitNavigationInternal().
virtual_browsing_context_group_ =
CrossOriginOpenerPolicyReporter::NextVirtualBrowsingContextGroup();
// IdleManager should be unique per RenderFrame to provide proper isolation
// of overrides.
idle_manager_ =
std::make_unique<IdleManagerImpl>(GetProcess()->GetBrowserContext());
}
RenderFrameHostImpl::~RenderFrameHostImpl() {
// When a RenderFrameHostImpl is deleted, it may still contain children. This
// can happen with the unload timer. It causes a RenderFrameHost to delete
// itself even if it is still waiting for its children to complete their
// unload handlers.
//
// Observers expect children to be deleted first. Do it now before notifying
// them.
ResetChildren();
// Destroying |navigation_request_| may call into delegates/observers,
// so we do it early while |this| object is still in a sane state.
ResetNavigationRequests();
// Release the WebUI instances before all else as the WebUI may accesses the
// RenderFrameHost during cleanup.
ClearWebUI();
SetLastCommittedSiteInfo(GURL());
if (last_committed_document_priority_) {
GetProcess()->UpdateFrameWithPriority(last_committed_document_priority_,
base::nullopt);
}
g_token_frame_map.Get().erase(frame_token_);
site_instance_->RemoveObserver(this);
GetProcess()->RemoveObserver(this);
const bool was_created = render_frame_created_;
render_frame_created_ = false;
if (was_created)
delegate_->RenderFrameDeleted(this);
// Ensure that the render process host has been notified that all audio
// streams from this frame have terminated. This is required to ensure the
// process host has the correct media stream count, which affects its
// background priority.
if (is_audible_)
OnAudibleStateChanged(false);
// If this was the last active frame in the SiteInstance, the
// DecrementActiveFrameCount call will trigger the deletion of the
// SiteInstance's proxies.
GetSiteInstance()->DecrementActiveFrameCount();
// Once a RenderFrame is created in the renderer, there are three possible
// clean-up paths:
// 1. The RenderFrame can be the main frame. In this case, closing the
// associated RenderView will clean up the resources associated with the
// main RenderFrame.
// 2. The RenderFrame can be unloaded. In this case, the browser sends a
// UnfreezableFrameMsg_Unload for the RenderFrame to replace itself with a
// RenderFrameProxy and release its associated resources.
// |lifecycle_state_| is advanced to LifeCycleState::kRunningUnloadHandlers
// to track that this IPC is in flight.
// 3. The RenderFrame can be detached, as part of removing a subtree (due to
// navigation, unload, or DOM mutation). In this case, the browser sends
// a UnfreezableFrameMsg_Delete for the RenderFrame to detach itself and
// release its associated resources. If the subframe contains an unload
// handler, |lifecycle_state_| is advanced to
// LifeCycleState::kRunningUnloadHandlers to track that the detach is in
// progress; otherwise, it is advanced directly to
// LifeCycleState::kReadyToBeDeleted.
//
// The browser side gives the renderer a small timeout to finish processing
// unload / detach messages. When the timeout expires, the RFH will be
// removed regardless of whether or not the renderer acknowledged that it
// completed the work, to avoid indefinitely leaking browser-side state. To
// avoid leaks, ~RenderFrameHostImpl still validates that the appropriate
// cleanup IPC was sent to the renderer, by checking IsPendingDeletion().
//
// TODO(dcheng): Due to how frame detach is signalled today, there are some
// bugs in this area. In particular, subtree detach is reported from the
// bottom up, so the replicated UnfreezableFrameMsg_Delete messages actually
// operate on a node-by-node basis rather than detaching an entire subtree at
// once...
//
// Note that this logic is fairly subtle. It needs to include all subframes
// and all speculative frames, but it should exclude case #1 (a main
// RenderFrame owned by the RenderView). It can't simply:
// - check |frame_tree_node_->render_manager()->speculative_frame_host()| for
// equality against |this|. The speculative frame host is unset before the
// speculative frame host is destroyed, so this condition would never be
// matched for a speculative RFH that needs to be destroyed.
// - check |IsCurrent()|, because the RenderFrames in an InterstitialPageImpl
// are never considered current.
//
// Directly comparing against |RenderViewHostImpl::GetMainFrame()| still has
// one additional subtlety though: |GetMainFrame()| can sometimes return a
// speculative RFH! For subframes, this obviously does not matter: a subframe
// will always pass the condition |render_view_host_->GetMainFrame() != this|.
// However, it turns out that a speculative main frame being deleted will
// *always* pass this condition as well: a speculative RFH being deleted will
// *always* first be unassociated from its corresponding RFHM. Thus, it
// follows that |GetMainFrame()| will never return the speculative main frame
// being deleted, since it must have already been unset.
if (was_created && render_view_host_->GetMainFrame() != this)
CHECK(IsPendingDeletion() || IsInBackForwardCache());
agent_scheduling_group().RemoveRoute(routing_id_);
g_routing_id_frame_map.Get().erase(
GlobalFrameRoutingId(GetProcess()->GetID(), routing_id_));
// Null out the unload timer; in crash dumps this member will be null only if
// the dtor has run. (It may also be null in tests.)
unload_event_monitor_timeout_.reset();
// Delete this before destroying the widget, to guard against reentrancy
// by in-process screen readers such as JAWS.
browser_accessibility_manager_.reset();
// Note: The RenderWidgetHost of the main frame is owned by the RenderViewHost
// instead. In this case the RenderViewHost is responsible for shutting down
// its RenderViewHost.
if (owned_render_widget_host_)
owned_render_widget_host_->ShutdownAndDestroyWidget(false);
render_view_host_.reset();
// If another frame is waiting for a beforeunload completion callback from
// this frame, simulate it now.
RenderFrameHostImpl* beforeunload_initiator = GetBeforeUnloadInitiator();
if (beforeunload_initiator && beforeunload_initiator != this) {
base::TimeTicks approx_renderer_start_time = send_before_unload_start_time_;
beforeunload_initiator->ProcessBeforeUnloadCompletedFromFrame(
true /* proceed */, false /* treat_as_final_completion_callback */,
this, true /* is_frame_being_destroyed */, approx_renderer_start_time,
base::TimeTicks::Now());
}
if (prefetched_signed_exchange_cache_)
prefetched_signed_exchange_cache_->RecordHistograms();
}
int RenderFrameHostImpl::GetRoutingID() {
return routing_id_;
}
const base::UnguessableToken& RenderFrameHostImpl::GetFrameToken() {
return frame_token_;
}
ui::AXTreeID RenderFrameHostImpl::GetAXTreeID() {
return ax_tree_id();
}
const base::UnguessableToken& RenderFrameHostImpl::GetTopFrameToken() {
RenderFrameHostImpl* frame = this;
while (frame->parent_) {
frame = frame->parent_;
}
return frame->GetFrameToken();
}
void RenderFrameHostImpl::AudioContextPlaybackStarted(int audio_context_id) {
delegate_->AudioContextPlaybackStarted(this, audio_context_id);
}
void RenderFrameHostImpl::AudioContextPlaybackStopped(int audio_context_id) {
delegate_->AudioContextPlaybackStopped(this, audio_context_id);
}
// The current frame went into the BackForwardCache.
void RenderFrameHostImpl::DidEnterBackForwardCache() {
TRACE_EVENT0("navigation", "RenderFrameHostImpl::EnterBackForwardCache");
DCHECK(IsBackForwardCacheEnabled());
DCHECK_EQ(lifecycle_state_, LifecycleState::kActive);
SetLifecycleState(LifecycleState::kInBackForwardCache);
// Pages in the back-forward cache are automatically evicted after a certain
// time.
if (!GetParent())
StartBackForwardCacheEvictionTimer();
for (auto& child : children_)
child->current_frame_host()->DidEnterBackForwardCache();
if (service_worker_container_hosts_.empty())
return;
std::vector<base::WeakPtr<ServiceWorkerContainerHost>> hosts;
for (auto host : service_worker_container_hosts_)
hosts.push_back(host.second);
RunOrPostTaskOnThread(
FROM_HERE, ServiceWorkerContext::GetCoreThreadId(),
base::BindOnce(
[](std::vector<base::WeakPtr<ServiceWorkerContainerHost>> hosts) {
for (auto host : hosts) {
if (host)
host->OnEnterBackForwardCache();
}
},
std::move(hosts)));
}
// The frame as been restored from the BackForwardCache.
void RenderFrameHostImpl::WillLeaveBackForwardCache() {
TRACE_EVENT0("navigation", "RenderFrameHostImpl::LeaveBackForwardCache");
DCHECK(IsBackForwardCacheEnabled());
DCHECK_EQ(lifecycle_state_, LifecycleState::kInBackForwardCache);
if (back_forward_cache_eviction_timer_.IsRunning())
back_forward_cache_eviction_timer_.Stop();
for (auto& child : children_)
child->current_frame_host()->WillLeaveBackForwardCache();
if (service_worker_container_hosts_.empty())
return;
std::vector<base::WeakPtr<ServiceWorkerContainerHost>> hosts;
for (auto host : service_worker_container_hosts_)
hosts.push_back(host.second);
RunOrPostTaskOnThread(
FROM_HERE, ServiceWorkerContext::GetCoreThreadId(),
base::BindOnce(
[](std::vector<base::WeakPtr<ServiceWorkerContainerHost>> hosts) {
for (auto host : hosts) {
if (host)
host->OnRestoreFromBackForwardCache();
}
},
std::move(hosts)));
}
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params>
RenderFrameHostImpl::TakeLastCommitParams() {
return std::move(last_commit_params_);
}
void RenderFrameHostImpl::StartBackForwardCacheEvictionTimer() {
DCHECK(IsInBackForwardCache());
base::TimeDelta evict_after =
BackForwardCacheImpl::GetTimeToLiveInBackForwardCache();
back_forward_cache_eviction_timer_.SetTaskRunner(
frame_tree()->controller()->GetBackForwardCache().GetTaskRunner());
back_forward_cache_eviction_timer_.Start(
FROM_HERE, evict_after,
base::BindOnce(&RenderFrameHostImpl::EvictFromBackForwardCacheWithReason,
weak_ptr_factory_.GetWeakPtr(),
BackForwardCacheMetrics::NotRestoredReason::kTimeout));
}
void RenderFrameHostImpl::DisableBackForwardCache(base::StringPiece reason) {
back_forward_cache_disabled_reasons_.insert(reason.as_string());
MaybeEvictFromBackForwardCache();
}
void RenderFrameHostImpl::DisableProactiveBrowsingInstanceSwapForTesting() {
// This should only be called on main frames.
DCHECK(!GetParent());
has_test_disabled_proactive_browsing_instance_swap_ = true;
}
void RenderFrameHostImpl::OnGrantedMediaStreamAccess() {
was_granted_media_access_ = true;
MaybeEvictFromBackForwardCache();
}
void RenderFrameHostImpl::OnPortalActivated(
std::unique_ptr<Portal> predecessor,
mojo::PendingAssociatedRemote<blink::mojom::Portal> pending_portal,
mojo::PendingAssociatedReceiver<blink::mojom::PortalClient> client_receiver,
blink::TransferableMessage data,
base::OnceCallback<void(blink::mojom::PortalActivateResult)> callback) {
auto it = portals_.insert(std::move(predecessor)).first;
GetAssociatedLocalMainFrame()->OnPortalActivated(
(*it)->portal_token(), std::move(pending_portal),
std::move(client_receiver), std::move(data),
base::BindOnce(
[](base::OnceCallback<void(blink::mojom::PortalActivateResult)>
callback,
blink::mojom::PortalActivateResult result) {
switch (result) {
case blink::mojom::PortalActivateResult::kPredecessorWillUnload:
case blink::mojom::PortalActivateResult::kPredecessorWasAdopted:
// These values are acceptable from the renderer.
break;
case blink::mojom::PortalActivateResult::
kRejectedDueToPredecessorNavigation:
case blink::mojom::PortalActivateResult::
kRejectedDueToPortalNotReady:
case blink::mojom::PortalActivateResult::
kRejectedDueToErrorInPortal:
case blink::mojom::PortalActivateResult::kDisconnected:
case blink::mojom::PortalActivateResult::kAbortedDueToBug:
// The renderer is misbehaving.
mojo::ReportBadMessage(
"Unexpected PortalActivateResult from renderer");
result = blink::mojom::PortalActivateResult::kAbortedDueToBug;
break;
}
std::move(callback).Run(result);
},
std::move(callback)));
}
void RenderFrameHostImpl::OnPortalCreatedForTesting(
std::unique_ptr<Portal> portal) {
portals_.insert(std::move(portal));
}
Portal* RenderFrameHostImpl::FindPortalByToken(
const blink::PortalToken& portal_token) {
auto it =
std::find_if(portals_.begin(), portals_.end(), [&](const auto& portal) {
return portal->portal_token() == portal_token;
});
return it == portals_.end() ? nullptr : it->get();
}
std::vector<Portal*> RenderFrameHostImpl::GetPortals() const {
std::vector<Portal*> result;
for (const auto& portal : portals_)
result.push_back(portal.get());
return result;
}
void RenderFrameHostImpl::DestroyPortal(Portal* portal) {
auto it = portals_.find(portal);
CHECK(it != portals_.end());
std::unique_ptr<Portal> owned_portal(std::move(*it));
portals_.erase(it);
// |owned_portal| is deleted as it goes out of scope.
}
void RenderFrameHostImpl::ForwardMessageFromHost(
blink::TransferableMessage message,
const url::Origin& source_origin) {
DCHECK_EQ(source_origin, GetLastCommittedOrigin());
GetAssociatedLocalMainFrame()->ForwardMessageFromHost(std::move(message),
source_origin);
}
SiteInstanceImpl* RenderFrameHostImpl::GetSiteInstance() {
return site_instance_.get();
}
RenderProcessHost* RenderFrameHostImpl::GetProcess() {
return agent_scheduling_group_.GetProcess();
}
RenderFrameHostImpl* RenderFrameHostImpl::GetParent() {
return parent_;
}
std::vector<RenderFrameHost*> RenderFrameHostImpl::GetFramesInSubtree() {
std::vector<RenderFrameHost*> frame_hosts;
for (FrameTreeNode* node : frame_tree_->SubtreeNodes(frame_tree_node()))
frame_hosts.push_back(node->current_frame_host());
return frame_hosts;
}
bool RenderFrameHostImpl::IsDescendantOf(RenderFrameHost* ancestor) {
if (!ancestor || !static_cast<RenderFrameHostImpl*>(ancestor)->child_count())
return false;
for (RenderFrameHostImpl* current = GetParent(); current;
current = current->GetParent()) {
if (current == ancestor)
return true;
}
return false;
}
int RenderFrameHostImpl::GetFrameTreeNodeId() {
return frame_tree_node_->frame_tree_node_id();
}
base::UnguessableToken RenderFrameHostImpl::GetDevToolsFrameToken() {
return frame_tree_node_->devtools_frame_token();
}
base::Optional<base::UnguessableToken>
RenderFrameHostImpl::GetEmbeddingToken() {
return embedding_token_;
}
const std::string& RenderFrameHostImpl::GetFrameName() {
return frame_tree_node_->frame_name();
}
bool RenderFrameHostImpl::IsFrameDisplayNone() {
return frame_tree_node()->frame_owner_properties().is_display_none;
}
const base::Optional<gfx::Size>& RenderFrameHostImpl::GetFrameSize() {
return frame_size_;
}
size_t RenderFrameHostImpl::GetFrameDepth() {
return frame_tree_node()->depth();
}
bool RenderFrameHostImpl::IsCrossProcessSubframe() {
if (!parent_)
return false;
return GetSiteInstance() != parent_->GetSiteInstance();
}
const GURL& RenderFrameHostImpl::GetLastCommittedURL() {
return last_committed_url_;
}
const url::Origin& RenderFrameHostImpl::GetLastCommittedOrigin() {
return last_committed_origin_;
}
const net::NetworkIsolationKey& RenderFrameHostImpl::GetNetworkIsolationKey() {
DCHECK(!isolation_info_.IsEmpty());
return isolation_info_.network_isolation_key();
}
const net::IsolationInfo&
RenderFrameHostImpl::GetIsolationInfoForSubresources() {
DCHECK(!isolation_info_.IsEmpty());
return isolation_info_;
}
void RenderFrameHostImpl::GetCanonicalUrlForSharing(
mojom::Frame::GetCanonicalUrlForSharingCallback callback) {
// TODO(https://crbug.com/859110): Remove this once frame_ can no longer be
// null.
if (IsRenderFrameLive()) {
frame_->GetCanonicalUrlForSharing(std::move(callback));
} else {
std::move(callback).Run(base::nullopt);
}
}
void RenderFrameHostImpl::GetSerializedHtmlWithLocalLinks(
const base::flat_map<GURL, base::FilePath>& url_map,
const base::flat_map<base::UnguessableToken, base::FilePath>&
frame_token_map,
bool save_with_empty_url,
mojo::PendingRemote<mojom::FrameHTMLSerializerHandler> serializer_handler) {
// TODO(https://crbug.com/859110): Remove once frame_ can no longer be null.
if (!IsRenderFrameLive())
return;
frame_->GetSerializedHtmlWithLocalLinks(url_map, frame_token_map,
save_with_empty_url,
std::move(serializer_handler));
}
void RenderFrameHostImpl::ExecuteMediaPlayerActionAtLocation(
const gfx::Point& location,
const blink::mojom::MediaPlayerAction& action) {
auto media_player_action = blink::mojom::MediaPlayerAction::New();
media_player_action->type = action.type;
media_player_action->enable = action.enable;
gfx::PointF point_in_view = GetView()->TransformRootPointToViewCoordSpace(
gfx::PointF(location.x(), location.y()));
GetAssociatedLocalFrame()->MediaPlayerActionAt(
gfx::Point(point_in_view.x(), point_in_view.y()),
std::move(media_player_action));
}
bool RenderFrameHostImpl::CreateNetworkServiceDefaultFactory(
mojo::PendingReceiver<network::mojom::URLLoaderFactory>
default_factory_receiver) {
mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter>
coep_reporter_remote;
if (coep_reporter_) {
coep_reporter_->Clone(
coep_reporter_remote.InitWithNewPipeAndPassReceiver());
}
// We use the last committed Origin and ClientSecurityState. If the caller
// wanted a factory associated to a navigation about to commit, the params
// generated won't be correct. There is no good way of fixing this before
// RenderDocumentHost (ie swapping RenderFrameHost on each navigation).
return CreateNetworkServiceDefaultFactoryAndObserve(
CreateURLLoaderFactoryParamsForMainWorld(
last_committed_origin_,
mojo::Clone(last_committed_client_security_state_),
std::move(coep_reporter_remote),
DetermineAfterCommitWhetherToForbidTrustTokenRedemption(this),
"RFHI::CreateNetworkServiceDefaultFactory"),
std::move(default_factory_receiver));
}
void RenderFrameHostImpl::MarkIsolatedWorldsAsRequiringSeparateURLLoaderFactory(
base::flat_set<url::Origin> isolated_world_origins,
bool push_to_renderer_now) {
size_t old_size =
isolated_worlds_requiring_separate_url_loader_factory_.size();
isolated_worlds_requiring_separate_url_loader_factory_.insert(
isolated_world_origins.begin(), isolated_world_origins.end());
size_t new_size =
isolated_worlds_requiring_separate_url_loader_factory_.size();
bool insertion_took_place = (old_size != new_size);
// Push the updated set of factories to the renderer, but only if
// 1) the caller requested an immediate push (e.g. for content scripts
// injected programmatically chrome.tabs.executeCode, but not for content
// scripts declared in the manifest - the difference is that the latter
// happen at a commit and the factories can just be send in the commit
// IPC).
// 2) an insertion actually took place / the factories have been modified
// 3) a commit has taken place before (i.e. the frame has received a factory
// bundle before).
if (push_to_renderer_now && insertion_took_place &&
has_committed_any_navigation_) {
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
subresource_loader_factories =
std::make_unique<blink::PendingURLLoaderFactoryBundle>();
subresource_loader_factories->pending_isolated_world_factories() =
CreateURLLoaderFactoriesForIsolatedWorlds(
GetExpectedMainWorldOriginForUrlLoaderFactory(),
isolated_world_origins,
mojo::Clone(last_committed_client_security_state_),
DetermineAfterCommitWhetherToForbidTrustTokenRedemption(this));
GetNavigationControl()->UpdateSubresourceLoaderFactories(
std::move(subresource_loader_factories));
}
}
bool RenderFrameHostImpl::IsSandboxed(network::mojom::WebSandboxFlags flags) {
if (base::FeatureList::IsEnabled(features::kFeaturePolicyForSandbox)) {
blink::mojom::FeaturePolicyFeature feature =
blink::FeaturePolicy::FeatureForSandboxFlag(flags);
if (feature != blink::mojom::FeaturePolicyFeature::kNotFound)
return !IsFeatureEnabled(feature);
}
return static_cast<int>(active_sandbox_flags_) & static_cast<int>(flags);
}
blink::web_pref::WebPreferences
RenderFrameHostImpl::GetOrCreateWebPreferences() {
return delegate()->GetOrCreateWebPreferences();
}
blink::PendingURLLoaderFactoryBundle::OriginMap
RenderFrameHostImpl::CreateURLLoaderFactoriesForIsolatedWorlds(
const url::Origin& main_world_origin,
const base::flat_set<url::Origin>& isolated_world_origins,
network::mojom::ClientSecurityStatePtr client_security_state,
network::mojom::TrustTokenRedemptionPolicy trust_token_redemption_policy) {
auto preferences = GetOrCreateWebPreferences();
blink::PendingURLLoaderFactoryBundle::OriginMap result;
for (const url::Origin& isolated_world_origin : isolated_world_origins) {
network::mojom::URLLoaderFactoryParamsPtr factory_params =
URLLoaderFactoryParamsHelper::CreateForIsolatedWorld(
this, isolated_world_origin, main_world_origin,
mojo::Clone(client_security_state), trust_token_redemption_policy);
mojo::PendingRemote<network::mojom::URLLoaderFactory> factory_remote;
CreateNetworkServiceDefaultFactoryAndObserve(
std::move(factory_params),
factory_remote.InitWithNewPipeAndPassReceiver());
result[isolated_world_origin] = std::move(factory_remote);
}
return result;
}
gfx::NativeView RenderFrameHostImpl::GetNativeView() {
RenderWidgetHostView* view = render_view_host_->GetWidget()->GetView();
if (!view)
return nullptr;
return view->GetNativeView();
}
void RenderFrameHostImpl::AddMessageToConsole(
blink::mojom::ConsoleMessageLevel level,
const std::string& message) {
AddMessageToConsoleImpl(level, message, false /* discard_duplicates */);
}
void RenderFrameHostImpl::ExecuteJavaScript(const base::string16& javascript,
JavaScriptResultCallback callback) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
CHECK(CanExecuteJavaScript());
const bool wants_result = !callback.is_null();
GetNavigationControl()->JavaScriptExecuteRequest(javascript, wants_result,
std::move(callback));
}
void RenderFrameHostImpl::ExecuteJavaScriptInIsolatedWorld(
const base::string16& javascript,
JavaScriptResultCallback callback,
int32_t world_id) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
DCHECK_GT(world_id, ISOLATED_WORLD_ID_GLOBAL);
DCHECK_LE(world_id, ISOLATED_WORLD_ID_MAX);
const bool wants_result = !callback.is_null();
GetNavigationControl()->JavaScriptExecuteRequestInIsolatedWorld(
javascript, wants_result, world_id, std::move(callback));
}
void RenderFrameHostImpl::ExecuteJavaScriptForTests(
const base::string16& javascript,
JavaScriptResultCallback callback,
int32_t world_id) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
const bool has_user_gesture = false;
const bool wants_result = !callback.is_null();
GetNavigationControl()->JavaScriptExecuteRequestForTests( // IN-TEST
javascript, wants_result, has_user_gesture, world_id,
std::move(callback));
}
void RenderFrameHostImpl::ExecuteJavaScriptWithUserGestureForTests(
const base::string16& javascript,
int32_t world_id) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
// TODO(mustaq): The render-to-browser state update caused by the below
// JavaScriptExecuteRequestsForTests call is redundant with this update. We
// should determine if the redundancy can be removed.
frame_tree_node()->UpdateUserActivationState(
blink::mojom::UserActivationUpdateType::kNotifyActivation,
blink::mojom::UserActivationNotificationType::kTest);
const bool has_user_gesture = true;
GetNavigationControl()->JavaScriptExecuteRequestForTests( // IN-TEST
javascript, false, has_user_gesture, world_id, base::NullCallback());
}
void RenderFrameHostImpl::CopyImageAt(int x, int y) {
gfx::PointF point_in_view =
GetView()->TransformRootPointToViewCoordSpace(gfx::PointF(x, y));
GetAssociatedLocalFrame()->CopyImageAt(
gfx::Point(point_in_view.x(), point_in_view.y()));
}
void RenderFrameHostImpl::SaveImageAt(int x, int y) {
gfx::PointF point_in_view =
GetView()->TransformRootPointToViewCoordSpace(gfx::PointF(x, y));
GetAssociatedLocalFrame()->SaveImageAt(
gfx::Point(point_in_view.x(), point_in_view.y()));
}
RenderViewHost* RenderFrameHostImpl::GetRenderViewHost() {
return render_view_host_.get();
}
service_manager::InterfaceProvider* RenderFrameHostImpl::GetRemoteInterfaces() {
return remote_interfaces_.get();
}
blink::AssociatedInterfaceProvider*
RenderFrameHostImpl::GetRemoteAssociatedInterfaces() {
if (!remote_associated_interfaces_) {
mojo::AssociatedRemote<blink::mojom::AssociatedInterfaceProvider>
remote_interfaces;
if (agent_scheduling_group().GetChannel()) {
agent_scheduling_group().GetRemoteRouteProvider()->GetRoute(
GetRoutingID(), remote_interfaces.BindNewEndpointAndPassReceiver());
} else {
// The channel may not be initialized in some tests environments. In this
// case we set up a dummy interface provider.
ignore_result(
remote_interfaces.BindNewEndpointAndPassDedicatedReceiver());
}
remote_associated_interfaces_ =
std::make_unique<blink::AssociatedInterfaceProvider>(
remote_interfaces.Unbind());
}
return remote_associated_interfaces_.get();
}
PageVisibilityState RenderFrameHostImpl::GetVisibilityState() {
// Works around the crashes seen in https://crbug.com/501863, where the
// active WebContents from a browser iterator may contain a render frame
// detached from the frame tree. This tries to find a RenderWidgetHost
// attached to an ancestor frame, and defaults to visibility hidden if
// it fails.
// TODO(yfriedman, peter): Ideally this would never be called on an
// unattached frame and we could omit this check. See
// https://crbug.com/615867.
RenderFrameHostImpl* frame = this;
while (frame) {
if (frame->GetLocalRenderWidgetHost())
break;
frame = frame->GetParent();
}
if (!frame)
return PageVisibilityState::kHidden;
PageVisibilityState visibility_state = GetRenderWidgetHost()->is_hidden()
? PageVisibilityState::kHidden
: PageVisibilityState::kVisible;
GetContentClient()->browser()->OverridePageVisibilityState(this,
&visibility_state);
return visibility_state;
}
bool RenderFrameHostImpl::Send(IPC::Message* message) {
return agent_scheduling_group().Send(message);
}
bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message& msg) {
// Only process messages if the RenderFrame is alive.
if (!render_frame_created_)
return false;
// Crash reports triggered by IPC messages for this frame should be associated
// with its URL.
ScopedActiveURL scoped_active_url(this);
if (delegate_->OnMessageReceived(this, msg))
return true;
RenderFrameProxyHost* proxy =
frame_tree_node_->render_manager()->GetProxyToParent();
if (proxy && proxy->cross_process_frame_connector() &&
proxy->cross_process_frame_connector()->OnMessageReceived(msg))
return true;
bool handled = true;
IPC_BEGIN_MESSAGE_MAP(RenderFrameHostImpl, msg)
IPC_MESSAGE_HANDLER(FrameHostMsg_Unload_ACK, OnUnloadACK)
IPC_MESSAGE_HANDLER(FrameHostMsg_ContextMenu, OnContextMenu)
IPC_END_MESSAGE_MAP()
// No further actions here, since we may have been deleted.
return handled;
}
void RenderFrameHostImpl::OnAssociatedInterfaceRequest(
const std::string& interface_name,
mojo::ScopedInterfaceEndpointHandle handle) {
ContentBrowserClient* browser_client = GetContentClient()->browser();
if (!associated_registry_->TryBindInterface(interface_name, &handle) &&
!browser_client->BindAssociatedReceiverFromFrame(this, interface_name,
&handle)) {
delegate_->OnAssociatedInterfaceRequest(this, interface_name,
std::move(handle));
}
}
void RenderFrameHostImpl::AccessibilityPerformAction(
const ui::AXActionData& action_data) {
// Don't perform any Accessibility action on an inactive frame.
if (IsInactiveAndDisallowReactivation() || !render_accessibility_)
return;
if (action_data.action == ax::mojom::Action::kHitTest) {
AccessibilityHitTest(action_data.target_point,
action_data.hit_test_event_to_fire,
action_data.request_id, {});
return;
}
// Set the input modality in RenderWidgetHostViewAura to touch so the
// VK shows up.
if (action_data.action == ax::mojom::Action::kFocus) {
RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
render_view_host_->GetWidget()->GetView());
if (view)
view->SetLastPointerType(ui::EventPointerType::kTouch);
}
render_accessibility_->PerformAction(action_data);
}
bool RenderFrameHostImpl::AccessibilityViewHasFocus() {
RenderWidgetHostView* view = render_view_host_->GetWidget()->GetView();
if (view)
return view->HasFocus();
return false;
}
void RenderFrameHostImpl::AccessibilityViewSetFocus() {
// Don't update Accessibility for inactive frames.
if (IsInactiveAndDisallowReactivation())
return;
RenderWidgetHostView* view = render_view_host_->GetWidget()->GetView();
if (view)
view->Focus();
}
gfx::Rect RenderFrameHostImpl::AccessibilityGetViewBounds() {
RenderWidgetHostView* view = render_view_host_->GetWidget()->GetView();
if (view)
return view->GetViewBounds();
return gfx::Rect();
}
float RenderFrameHostImpl::AccessibilityGetDeviceScaleFactor() {
RenderWidgetHostView* view = render_view_host_->GetWidget()->GetView();
if (view)
return GetScaleFactorForView(view);
return 1.0f;
}
void RenderFrameHostImpl::AccessibilityReset() {
if (!render_accessibility_)
return;
accessibility_reset_token_ = g_next_accessibility_reset_token++;
render_accessibility_->Reset(accessibility_reset_token_);
}
void RenderFrameHostImpl::AccessibilityFatalError() {
browser_accessibility_manager_.reset(nullptr);
if (accessibility_reset_token_ || !render_accessibility_)
return;
accessibility_reset_count_++;
if (accessibility_reset_count_ >= kMaxAccessibilityResets) {
render_accessibility_->FatalError();
} else {
AccessibilityReset();
}
}
gfx::AcceleratedWidget
RenderFrameHostImpl::AccessibilityGetAcceleratedWidget() {
// Only the main frame's current frame host is connected to the native
// widget tree for accessibility, so return null if this is queried on
// any other frame.
if (!is_main_frame() || !IsCurrent())
return gfx::kNullAcceleratedWidget;
RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
render_view_host_->GetWidget()->GetView());
if (view)
return view->AccessibilityGetAcceleratedWidget();
return gfx::kNullAcceleratedWidget;
}
gfx::NativeViewAccessible
RenderFrameHostImpl::AccessibilityGetNativeViewAccessible() {
// If this method is called when the document is in BackForwardCache, evict
// the document to avoid ignoring any accessibility related events which the
// document might not expect.
if (IsInactiveAndDisallowReactivation())
return nullptr;
RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
render_view_host_->GetWidget()->GetView());
if (view)
return view->AccessibilityGetNativeViewAccessible();
return nullptr;
}
gfx::NativeViewAccessible
RenderFrameHostImpl::AccessibilityGetNativeViewAccessibleForWindow() {
// If this method is called when the frame is in BackForwardCache, evict
// the frame to avoid ignoring any accessibility related events which are not
// expected.
if (IsInactiveAndDisallowReactivation())
return nullptr;
RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
render_view_host_->GetWidget()->GetView());
if (view)
return view->AccessibilityGetNativeViewAccessibleForWindow();
return nullptr;
}
WebContents* RenderFrameHostImpl::AccessibilityWebContents() {
// If this method is called when the frame is in BackForwardCache, evict
// the frame to avoid ignoring any accessibility related events which are not
// expected.
if (IsInactiveAndDisallowReactivation())
return nullptr;
return delegate()->GetAsWebContents();
}
void RenderFrameHostImpl::AccessibilityHitTest(
const gfx::Point& point_in_frame_pixels,
ax::mojom::Event opt_event_to_fire,
int opt_request_id,
base::OnceCallback<void(BrowserAccessibilityManager* hit_manager,
int hit_node_id)> opt_callback) {
// This is called by BrowserAccessibilityManager. During teardown it's
// possible that render_accessibility_ is null but the corresponding
// BrowserAccessibilityManager still exists and could call this.
if (IsInactiveAndDisallowReactivation() || !render_accessibility_) {
if (opt_callback)
std::move(opt_callback).Run(nullptr, 0);
return;
}
render_accessibility_->HitTest(
point_in_frame_pixels, opt_event_to_fire, opt_request_id,
base::BindOnce(&RenderFrameHostImpl::AccessibilityHitTestCallback,
weak_ptr_factory_.GetWeakPtr(), opt_request_id,
opt_event_to_fire, std::move(opt_callback)));
}
bool RenderFrameHostImpl::AccessibilityIsMainFrame() {
return is_main_frame();
}
void RenderFrameHostImpl::RenderProcessExited(
RenderProcessHost* host,
const ChildProcessTerminationInfo& info) {
if (base::FeatureList::IsEnabled(features::kCrashReporting))
MaybeGenerateCrashReport(info.status, info.exit_code);
// When a frame's process dies, its RenderFrame no longer exists, which means
// that its child frames must be cleaned up as well.
ResetChildren();
// Reset state for the current RenderFrameHost once the FrameTreeNode has been
// reset.
SetRenderFrameCreated(false);
InvalidateMojoConnection();
document_scoped_interface_provider_receiver_.reset();
broker_receiver_.reset();
SetLastCommittedUrl(GURL());
web_bundle_handle_.reset();
must_be_replaced_ = ShouldCreateNewHostForCrashedFrame();
has_committed_any_navigation_ = false;
#if defined(OS_ANDROID)
// Execute any pending Samsung smart clip callbacks.
for (base::IDMap<std::unique_ptr<ExtractSmartClipDataCallback>>::iterator
iter(&smart_clip_callbacks_);
!iter.IsAtEnd(); iter.Advance()) {
std::move(*iter.GetCurrentValue())
.Run(base::string16(), base::string16(), gfx::Rect());
}
smart_clip_callbacks_.Clear();
#endif // defined(OS_ANDROID)
// Ensure that future remote interface requests are associated with the new
// process's channel.
remote_associated_interfaces_.reset();
// Any termination disablers in content loaded by the new process will
// be sent again.
has_before_unload_handler_ = false;
has_unload_handler_ = false;
has_pagehide_handler_ = false;
has_visibilitychange_handler_ = false;
if (IsPendingDeletion()) {
// If the process has died, we don't need to wait for the ACK. Complete the
// deletion immediately.
SetLifecycleState(LifecycleState::kReadyToBeDeleted);
DCHECK(children_.empty());
PendingDeletionCheckCompleted();
// |this| is deleted. Don't add any more code at this point in the function.
return;
}
// If this was the current pending or speculative RFH dying, cancel and
// destroy it.
frame_tree_node_->render_manager()->CancelPendingIfNecessary(this);
// Note: don't add any more code at this point in the function because
// |this| may be deleted. Any additional cleanup should happen before
// the last block of code here.
}
void RenderFrameHostImpl::RenderProcessGone(
SiteInstanceImpl* site_instance,
const ChildProcessTerminationInfo& info) {
DCHECK_EQ(site_instance_.get(), site_instance);
if (IsInBackForwardCache()) {
EvictFromBackForwardCacheWithReason(
info.status == base::TERMINATION_STATUS_PROCESS_CRASHED
? BackForwardCacheMetrics::NotRestoredReason::
kRendererProcessCrashed
: BackForwardCacheMetrics::NotRestoredReason::
kRendererProcessKilled);
return;
}
if (owned_render_widget_host_)
owned_render_widget_host_->RendererExited();
// The renderer process is gone, so this frame can no longer be loading.
if (navigation_request())
navigation_request()->set_net_error(net::ERR_ABORTED);
ResetNavigationRequests();
ResetLoadingState();
// Any future UpdateState or UpdateTitle messages from this or a recreated
// process should be ignored until the next commit.
set_nav_entry_id(0);
if (is_audible_)
OnAudibleStateChanged(false);
}
void RenderFrameHostImpl::ReportContentSecurityPolicyViolation(
network::mojom::CSPViolationPtr violation_params) {
GetAssociatedLocalFrame()->ReportContentSecurityPolicyViolation(
std::move(violation_params));
}
void RenderFrameHostImpl::SanitizeDataForUseInCspViolation(
bool is_redirect,
network::mojom::CSPDirectiveName directive,
GURL* blocked_url,
network::mojom::SourceLocation* source_location) const {
DCHECK(blocked_url);
DCHECK(source_location);
GURL source_location_url(source_location->url);
// The main goal of this is to avoid leaking information between potentially
// separate renderers, in the event of one of them being compromised.
// See https://crbug.com/633306.
bool sanitize_blocked_url = true;
bool sanitize_source_location = true;
// There is no need to sanitize data when it is same-origin with the current
// url of the renderer.
if (url::Origin::Create(*blocked_url)
.IsSameOriginWith(last_committed_origin_))
sanitize_blocked_url = false;
if (url::Origin::Create(source_location_url)
.IsSameOriginWith(last_committed_origin_))
sanitize_source_location = false;
// When a renderer tries to do a form submission, it already knows the url of
// the blocked url, except when it is redirected.
if (!is_redirect && directive == network::mojom::CSPDirectiveName::FormAction)
sanitize_blocked_url = false;
if (sanitize_blocked_url)
*blocked_url = blocked_url->GetOrigin();
if (sanitize_source_location) {
source_location->url = source_location_url.GetOrigin().spec();
source_location->line = 0u;
source_location->column = 0u;
}
}
void RenderFrameHostImpl::PerformAction(const ui::AXActionData& data) {
AccessibilityPerformAction(data);
}
bool RenderFrameHostImpl::RequiresPerformActionPointInPixels() const {
return true;
}
bool RenderFrameHostImpl::SchemeShouldBypassCSP(
const base::StringPiece& scheme) {
// Blink uses its SchemeRegistry to check if a scheme should be bypassed.
// It can't be used on the browser process. It is used for two things:
// 1) Bypassing the "chrome-extension" scheme when chrome is built with the
// extensions support.
// 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8.
// TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the
// blink::SchemeRegistry. It contains 1) but not 2).
const auto& bypassing_schemes = url::GetCSPBypassingSchemes();
return base::Contains(bypassing_schemes, scheme);
}
bool RenderFrameHostImpl::CreateRenderFrame(
int previous_routing_id,
const base::Optional<base::UnguessableToken>& opener_frame_token,
int parent_routing_id,
int previous_sibling_routing_id) {
TRACE_EVENT0("navigation", "RenderFrameHostImpl::CreateRenderFrame");
DCHECK(!IsRenderFrameLive()) << "Creating frame twice";
// The process may (if we're sharing a process with another host that already
// initialized it) or may not (we have our own process or the old process
// crashed) have been initialized. Calling Init multiple times will be
// ignored, so this is safe.
if (!GetProcess()->Init())
return false;
DCHECK(GetProcess()->IsInitializedAndNotDead());
mojo::PendingRemote<service_manager::mojom::InterfaceProvider>
interface_provider;
BindInterfaceProviderReceiver(
interface_provider.InitWithNewPipeAndPassReceiver());
mojo::PendingRemote<blink::mojom::BrowserInterfaceBroker>
browser_interface_broker;
BindBrowserInterfaceBrokerReceiver(
browser_interface_broker.InitWithNewPipeAndPassReceiver());
mojom::CreateFrameParamsPtr params = mojom::CreateFrameParams::New();
params->interface_bundle = mojom::DocumentScopedInterfaceBundle::New(
std::move(interface_provider), std::move(browser_interface_broker));
params->routing_id = routing_id_;
params->previous_routing_id = previous_routing_id;
params->opener_frame_token = opener_frame_token;
params->parent_routing_id = parent_routing_id;
params->previous_sibling_routing_id = previous_sibling_routing_id;
params->replication_state = frame_tree_node()->current_replication_state();
params->frame_token = frame_token_;
params->devtools_frame_token = frame_tree_node()->devtools_frame_token();
// Normally, the replication state contains effective frame policy, excluding
// sandbox flags and feature policy attributes that were updated but have not
// taken effect. However, a new RenderFrame should use the pending frame
// policy, since it is being created as part of the navigation that will
// commit it. (I.e., the RenderFrame needs to know the policy to use when
// initializing the new document once it commits).
params->replication_state.frame_policy =
frame_tree_node()->pending_frame_policy();
// If we switched BrowsingInstances because of the COOP header, we should
// clear the frame name. This below informs the renderer at frame creation.
NavigationRequest* navigation_request =
frame_tree_node()->navigation_request();
if (navigation_request &&
navigation_request->coop_status().require_browsing_instance_swap()) {
params->replication_state.name = "";
// "COOP swaps" only affect main frames, that have an empty unique name.
DCHECK(params->replication_state.unique_name.empty());
}
params->frame_owner_properties =
frame_tree_node()->frame_owner_properties().Clone();
params->has_committed_real_load =
frame_tree_node()->has_committed_real_load();
// The RenderWidgetHost takes ownership of its view. It is tied to the
// lifetime of the current RenderProcessHost for this RenderFrameHost.
// TODO(avi): This will need to change to initialize a
// RenderWidgetHostViewAura for the main frame once RenderViewHostImpl has-a
// RenderWidgetHostImpl. https://crbug.com/545684
if (owned_render_widget_host_) {
DCHECK(parent_);
DCHECK_NE(parent_routing_id, MSG_ROUTING_NONE);
blink::ScreenInfo screen_info;
parent_->GetRenderWidgetHost()->GetScreenInfo(&screen_info);
RenderWidgetHostView* rwhv = RenderWidgetHostViewChildFrame::Create(
owned_render_widget_host_.get(), screen_info);
// The child frame should be created hidden.
DCHECK(!rwhv->IsShowing());
}
if (auto* rwh = GetLocalRenderWidgetHost()) {
params->widget_params = mojom::CreateFrameWidgetParams::New();
params->widget_params->routing_id =
GetLocalRenderWidgetHost()->GetRoutingID();
params->widget_params->visual_properties =
GetLocalRenderWidgetHost()->GetInitialVisualProperties();
std::tie(params->widget_params->widget_host,
params->widget_params->widget) = rwh->BindNewWidgetInterfaces();
std::tie(params->widget_params->frame_widget_host,
params->widget_params->frame_widget) =
rwh->BindNewFrameWidgetInterfaces();
}
// https://crbug.com/1006814. The renderer needs at least one of these IDs to
// be able to insert the new frame in the frame tree.
DCHECK(params->previous_routing_id != MSG_ROUTING_NONE ||
params->parent_routing_id != MSG_ROUTING_NONE);
agent_scheduling_group().CreateFrame(std::move(params));
if (previous_routing_id != MSG_ROUTING_NONE) {
RenderFrameProxyHost* proxy = RenderFrameProxyHost::FromID(
GetProcess()->GetID(), previous_routing_id);
// We have also created a RenderFrameProxy in CreateFrame above, so
// remember that.
//
// RenderDocument: |proxy| can be null, when |previous_routing_id| refers to
// a RenderFrameHost instead of a RenderFrameProxy.
if (proxy)
proxy->SetRenderFrameProxyCreated(true);
}
// The renderer now has a RenderFrame for this RenderFrameHost. Note that
// this path is only used for out-of-process iframes. Main frame RenderFrames
// are created with their RenderView, and same-site iframes are created at the
// time of OnCreateChildFrame.
SetRenderFrameCreated(true);
return true;
}
void RenderFrameHostImpl::DeleteRenderFrame(FrameDeleteIntention intent) {
if (IsPendingDeletion())
return;
if (render_frame_created_) {
Send(new UnfreezableFrameMsg_Delete(routing_id_, intent));
if (!frame_tree_node_->IsMainFrame() && IsCurrent()) {
DCHECK_NE(lifecycle_state(), LifecycleState::kSpeculative);
// If this subframe has unload handlers (and isn't speculative), ensure
// that they have a chance to execute by delaying process cleanup. This
// will prevent the process from shutting down immediately in the case
// where this is the last active frame in the process.
// See https://crbug.com/852204.
if (has_unload_handlers()) {
RenderProcessHostImpl* process =
static_cast<RenderProcessHostImpl*>(GetProcess());
process->DelayProcessShutdownForUnload(subframe_unload_timeout_);
}
// If the subframe takes too long to unload, force its removal from the
// tree. See https://crbug.com/950625.
subframe_unload_timer_.Start(FROM_HERE, subframe_unload_timeout_, this,
&RenderFrameHostImpl::OnUnloadTimeout);
}
}
LifecycleState lifecycle_state = has_unload_handlers()
? LifecycleState::kRunningUnloadHandlers
: LifecycleState::kReadyToBeDeleted;
SetLifecycleState(lifecycle_state);
}
void RenderFrameHostImpl::SetRenderFrameCreated(bool created) {
// We should not create new RenderFrames while our delegate is being destroyed
// (e.g., via a WebContentsObserver during WebContents shutdown). This seems
// to have caused crashes in https://crbug.com/717650.
if (created)
CHECK(!delegate_->IsBeingDestroyed());
bool was_created = render_frame_created_;
render_frame_created_ = created;
// Clear all the user data associated with this RenderFrameHost when its
// RenderFrame is recreated after a crash. Checking
// |was_render_frame_ever_created_| guarantees that the user data isn't
// cleared for the initial RenderFrame creation. Note that the user data is
// intentionally not cleared at the time of crash. Please refer to
// https://crbug.com/1099237 for more details.
//
// Clearing of user data should be called before RenderFrameCreated to ensure:
// - a) new new state set in RenderFrameCreated doesn't get deleted.
// - b) the old state is not leaked to a new RenderFrameHost.
if (!was_created && created && was_render_frame_ever_created_)
document_associated_data_.ClearAllUserData();
if (created)
was_render_frame_ever_created_ = true;
// If the current status is different than the new status, the delegate
// needs to be notified.
if (created != was_created) {
if (created) {
SetUpMojoIfNeeded();
delegate_->RenderFrameCreated(this);
} else {
delegate_->RenderFrameDeleted(this);
}
}
// TODO(http://crbug.com/1014212): Change to DCHECK.
if (created)
CHECK(frame_);
if (created && GetLocalRenderWidgetHost()) {
GetLocalRenderWidgetHost()->input_router()->SetFrameTreeNodeId(
frame_tree_node_->frame_tree_node_id());
mojo::Remote<viz::mojom::InputTargetClient> input_target_client;
remote_interfaces_->GetInterface(
input_target_client.BindNewPipeAndPassReceiver());
input_target_client_ = input_target_client.get();
GetLocalRenderWidgetHost()->SetInputTargetClient(
std::move(input_target_client));
GetLocalRenderWidgetHost()->InitForFrame();
}
if (enabled_bindings_ && created)
GetFrameBindingsControl()->AllowBindings(enabled_bindings_);
if (web_ui_) {
if (created) {
if (enabled_bindings_ & BINDINGS_POLICY_WEB_UI)
web_ui_->SetupMojoConnection();
} else {
web_ui_->InvalidateMojoConnection();
}
}
}
void RenderFrameHostImpl::SwapIn() {
GetNavigationControl()->SwapIn();
}
void RenderFrameHostImpl::Init() {
ResumeBlockedRequestsForFrame();
if (!waiting_for_init_)
return;
waiting_for_init_ = false;
if (pending_navigate_) {
frame_tree_node()->navigator().OnBeginNavigation(
frame_tree_node(), std::move(pending_navigate_->common_params),
std::move(pending_navigate_->begin_navigation_params),
std::move(pending_navigate_->blob_url_loader_factory),
std::move(pending_navigate_->navigation_client),
std::move(pending_navigate_->navigation_initiator),
EnsurePrefetchedSignedExchangeCache(),
MaybeCreateWebBundleHandleTracker());
pending_navigate_.reset();
}
}
void RenderFrameHostImpl::OnAudibleStateChanged(bool is_audible) {
DCHECK_NE(is_audible_, is_audible);
if (is_audible) {
GetProcess()->OnMediaStreamAdded();
} else {
GetProcess()->OnMediaStreamRemoved();
}
is_audible_ = is_audible;
delegate_->OnFrameAudioStateChanged(this, is_audible_);
}
void RenderFrameHostImpl::DidAddMessageToConsole(
blink::mojom::ConsoleMessageLevel log_level,
const base::string16& message,
int32_t line_no,
const base::string16& source_id) {
if (delegate_->DidAddMessageToConsole(log_level, message, line_no,
source_id)) {
return;
}
// Pass through log severity only on builtin components pages to limit console
// spew.
const bool is_builtin_component =
HasWebUIScheme(delegate_->GetMainFrameLastCommittedURL()) ||
GetContentClient()->browser()->IsBuiltinComponent(
GetProcess()->GetBrowserContext(), GetLastCommittedOrigin());
const bool is_off_the_record =
GetSiteInstance()->GetBrowserContext()->IsOffTheRecord();
LogConsoleMessage(log_level, message, line_no, is_builtin_component,
is_off_the_record, source_id);
}
void RenderFrameHostImpl::OnCreateChildFrame(
int new_routing_id,
mojo::PendingReceiver<service_manager::mojom::InterfaceProvider>
new_interface_provider_provider_receiver,
mojo::PendingReceiver<blink::mojom::BrowserInterfaceBroker>
browser_interface_broker_receiver,
blink::mojom::TreeScopeType scope,
const std::string& frame_name,
const std::string& frame_unique_name,
bool is_created_by_script,
const base::UnguessableToken& frame_token,
const base::UnguessableToken& devtools_frame_token,
const blink::FramePolicy& frame_policy,
const blink::mojom::FrameOwnerProperties& frame_owner_properties,
const blink::mojom::FrameOwnerElementType owner_type) {
// TODO(lukasza): Call ReceivedBadMessage when |frame_unique_name| is empty.
DCHECK(!frame_unique_name.empty());
DCHECK(new_interface_provider_provider_receiver.is_valid());
DCHECK(browser_interface_broker_receiver.is_valid());
if (owner_type == blink::mojom::FrameOwnerElementType::kNone) {
// Any child frame must have a HTMLFrameOwnerElement in its parent document
// and therefore the corresponding type of kNone (specific to main frames)
// is invalid.
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_CHILD_FRAME_NEEDS_OWNER_ELEMENT_TYPE);
}
// The RenderFrame corresponding to this host sent an IPC message to create a
// child, but by the time we get here, it's possible for the RenderFrameHost
// to become pending deletion, or for its process to have disconnected (maybe
// due to browser shutdown). Ignore such messages.
if (IsInactiveAndDisallowReactivation() || !render_frame_created_)
return;
// |new_routing_id|, |new_interface_provider_provider_receiver|,
// |browser_interface_broker_receiver| and |devtools_frame_token| were
// generated on the browser's IO thread and not taken from the renderer
// process.
frame_tree_->AddFrame(this, GetProcess()->GetID(), new_routing_id,
std::move(new_interface_provider_provider_receiver),
std::move(browser_interface_broker_receiver), scope,
frame_name, frame_unique_name, is_created_by_script,
frame_token, devtools_frame_token, frame_policy,
frame_owner_properties, was_discarded_, owner_type);
}
void RenderFrameHostImpl::DidNavigate(
const FrameHostMsg_DidCommitProvisionalLoad_Params& params,
NavigationRequest* navigation_request,
bool did_create_new_document) {
// Keep track of the last committed URL and origin in the RenderFrameHost
// itself. These allow GetLastCommittedURL and GetLastCommittedOrigin to
// stay correct even if the render_frame_host later becomes pending deletion.
// The URL is set regardless of whether it's for a net error or not.
frame_tree_node_->SetCurrentURL(params.url);
SetLastCommittedOrigin(params.origin);
// Separately, update the frame's last successful URL except for net error
// pages, since those do not end up in the correct process after transfers
// (see https://crbug.com/560511). Instead, the next cross-process navigation
// or transfer should decide whether to swap as if the net error had not
// occurred.
// TODO(creis): Remove this block and always set the URL.
// See https://crbug.com/588314.
if (!params.url_is_unreachable)
last_successful_url_ = params.url;
// Reset the salt so that media device IDs are reset after the new navigation
// if necessary.
media_device_id_salt_base_ = BrowserContext::CreateRandomMediaDeviceIDSalt();
if (did_create_new_document)
DidCommitNewDocument(params, navigation_request);
}
void RenderFrameHostImpl::SetLastCommittedOrigin(const url::Origin& origin) {
last_committed_origin_ = origin;
CSPContext::SetSelf(origin);
}
void RenderFrameHostImpl::SetLastCommittedOriginForTesting(
const url::Origin& origin) {
SetLastCommittedOrigin(origin);
}
const url::Origin& RenderFrameHostImpl::ComputeTopFrameOrigin(
const url::Origin& frame_origin) const {
if (frame_tree_node_->IsMainFrame()) {
return frame_origin;
}
DCHECK(parent_);
// It's important to go through parent_ rather than via
// frame_free_->root() here in case we're in process of being deleted, as the
// latter might point to what our ancestor is being replaced with rather than
// the actual ancestor.
RenderFrameHostImpl* host = parent_;
while (host->parent_) {
host = host->parent_;
}
return host->GetLastCommittedOrigin();
}
net::IsolationInfo RenderFrameHostImpl::ComputeIsolationInfoForNavigation(
const GURL& destination) const {
net::IsolationInfo::RedirectMode redirect_mode =
frame_tree_node_->IsMainFrame()
? net::IsolationInfo::RedirectMode::kUpdateTopFrame
: net::IsolationInfo::RedirectMode::kUpdateFrameOnly;
return ComputeIsolationInfoInternal(url::Origin::Create(destination),
redirect_mode);
}
net::SiteForCookies RenderFrameHostImpl::ComputeSiteForCookies() {
return isolation_info_.site_for_cookies();
}
net::IsolationInfo RenderFrameHostImpl::ComputeIsolationInfoInternal(
const url::Origin& frame_origin,
net::IsolationInfo::RedirectMode redirect_mode) const {
url::Origin top_frame_origin = ComputeTopFrameOrigin(frame_origin);
net::SiteForCookies candidate_site_for_cookies =
net::SiteForCookies::FromOrigin(top_frame_origin);
if (GetContentClient()
->browser()
->ShouldTreatURLSchemeAsFirstPartyWhenTopLevel(
top_frame_origin.scheme(),
GURL::SchemeIsCryptographic(frame_origin.scheme()))) {
return net::IsolationInfo::Create(redirect_mode, top_frame_origin,
frame_origin, candidate_site_for_cookies);
}
// Make sure all ancestors have origins consistent with the candidate
// SiteForCookies of the main document. Otherwise, SameSite cookies may not be
// used. For frame requests, it's OK to skip checking the frame itself since
// each request will be validated against |site_for_cookies| anyway.
for (const RenderFrameHostImpl* rfh = this->parent_; rfh;
rfh = rfh->parent_) {
if (!candidate_site_for_cookies.IsEquivalent(
net::SiteForCookies::FromOrigin(rfh->last_committed_origin_))) {
return net::IsolationInfo::Create(redirect_mode, top_frame_origin,
frame_origin, net::SiteForCookies());
}
candidate_site_for_cookies.MarkIfCrossScheme(rfh->last_committed_origin_);
}
// If |redirect_mode| is kUpdateNothing, then IsolationInfo is being computed
// for subresource requests. In that case, also need to check the
// SiteForCookies against the frame origin.
if (redirect_mode == net::IsolationInfo::RedirectMode::kUpdateNothing &&
!candidate_site_for_cookies.IsEquivalent(
net::SiteForCookies::FromOrigin(frame_origin))) {
return net::IsolationInfo::Create(redirect_mode, top_frame_origin,
frame_origin, net::SiteForCookies());
}
return net::IsolationInfo::Create(redirect_mode, top_frame_origin,
frame_origin, candidate_site_for_cookies);
}
void RenderFrameHostImpl::SetOriginDependentStateOfNewFrame(
const url::Origin& new_frame_creator) {
// This method should only be called for *new* frames, that haven't committed
// a navigation yet.
DCHECK(!has_committed_any_navigation_);
DCHECK(GetLastCommittedOrigin().opaque());
DCHECK(isolation_info_.IsEmpty());
// Calculate and set |new_frame_origin|.
bool new_frame_should_be_sandboxed =
network::mojom::WebSandboxFlags::kOrigin ==
(frame_tree_node()->active_sandbox_flags() &
network::mojom::WebSandboxFlags::kOrigin);
url::Origin new_frame_origin = new_frame_should_be_sandboxed
? new_frame_creator.DeriveNewOpaqueOrigin()
: new_frame_creator;
isolation_info_ = ComputeIsolationInfoInternal(
new_frame_origin, net::IsolationInfo::RedirectMode::kUpdateNothing);
SetLastCommittedOrigin(new_frame_origin);
// Construct the frame's feature policy only once we know its initial
// committed origin. It's necessary to wait for the origin because the feature
// policy's state depends on the origin, so the FeaturePolicy object could be
// configured incorrectly if it were initialized before knowing the value of
// |last_committed_origin_|. More at crbug.com/1112959.
ResetFeaturePolicy();
}
FrameTreeNode* RenderFrameHostImpl::AddChild(
std::unique_ptr<FrameTreeNode> child,
int process_id,
int frame_routing_id,
const base::UnguessableToken& frame_token) {
// Child frame must always be created in the same process as the parent.
CHECK_EQ(process_id, GetProcess()->GetID());
// Initialize the RenderFrameHost for the new node. We always create child
// frames in the same SiteInstance as the current frame, and they can swap to
// a different one if they navigate away.
child->render_manager()->InitChild(GetSiteInstance(), frame_routing_id,
frame_token);
// Other renderer processes in this BrowsingInstance may need to find out
// about the new frame. Create a proxy for the child frame in all
// SiteInstances that have a proxy for the frame's parent, since all frames
// in a frame tree should have the same set of proxies.
frame_tree_node_->render_manager()->CreateProxiesForChildFrame(child.get());
// When the child is added, it hasn't committed any navigation yet - its
// initial empty document should inherit the origin of its parent (the origin
// may change after the first commit). See also https://crbug.com/932067.
child->current_frame_host()->SetOriginDependentStateOfNewFrame(
GetLastCommittedOrigin());
children_.push_back(std::move(child));
return children_.back().get();
}
void RenderFrameHostImpl::RemoveChild(FrameTreeNode* child) {
for (auto iter = children_.begin(); iter != children_.end(); ++iter) {
if (iter->get() == child) {
// Subtle: we need to make sure the node is gone from the tree before
// observers are notified of its deletion.
std::unique_ptr<FrameTreeNode> node_to_delete(std::move(*iter));
children_.erase(iter);
node_to_delete->current_frame_host()->DeleteRenderFrame(
FrameDeleteIntention::kNotMainFrame);
// Speculative RenderFrameHosts are deleted by the FrameTreeNode's
// RenderFrameHostManager's destructor. RenderFrameProxyHosts send
// UnfreezableFrameMsg_Delete automatically in the destructor.
// TODO(dcheng): This is horribly confusing. Refactor this logic so it's
// more understandable.
node_to_delete.reset();
PendingDeletionCheckCompleted();
return;
}
}
}
void RenderFrameHostImpl::ResetChildren() {
// Remove child nodes from the tree, then delete them. This destruction
// operation will notify observers. See https://crbug.com/612450 for
// explanation why we don't just call the std::vector::clear method.
std::vector<std::unique_ptr<FrameTreeNode>> children;
children.swap(children_);
// TODO(dcheng): Ideally, this would be done by messaging all the proxies of
// this RenderFrameHostImpl to detach the current frame's children, rather
// than messaging each child's current frame host...
for (auto& child : children)
child->current_frame_host()->DeleteRenderFrame(
FrameDeleteIntention::kNotMainFrame);
}
void RenderFrameHostImpl::SetLastCommittedUrl(const GURL& url) {
last_committed_url_ = url;
}
void RenderFrameHostImpl::UpdateRenderProcessHostFramePriorities() {
const auto new_committed_document_priority =
delegate_->IsFrameLowPriority(this)
? RenderProcessHostImpl::FramePriority::kLow
: RenderProcessHostImpl::FramePriority::kNormal;
if (last_committed_document_priority_ != new_committed_document_priority) {
GetProcess()->UpdateFrameWithPriority(last_committed_document_priority_,
new_committed_document_priority);
last_committed_document_priority_ = new_committed_document_priority;
}
}
void RenderFrameHostImpl::Detach() {
if (!parent_) {
bad_message::ReceivedBadMessage(GetProcess(),
bad_message::RFH_DETACH_MAIN_FRAME);
return;
}
// A frame is removed while replacing this document with the new one. When it
// happens, delete the frame and both the new and old documents. Unload
// handlers aren't guaranteed to run here.
if (is_waiting_for_unload_ack_) {
parent_->RemoveChild(frame_tree_node_);
return;
}
// Ignore Detach Mojo API, if the RenderFrameHost should be left in pending
// deletion state.
if (do_not_delete_for_testing_)
return;
if (IsPendingDeletion()) {
// The frame is pending deletion. Detach Mojo API is used to confirm its
// unload handlers ran. Note that it is possible for a frame to already be
// in kReadyToBeDeleted. This happens when this RenderFrameHost is pending
// deletion and is waiting on one of its children to run its unload
// handler. While running it, it can request its parent to detach itself.
// See test: SitePerProcessBrowserTest.PartialUnloadHandler.
if (lifecycle_state_ != LifecycleState::kReadyToBeDeleted)
SetLifecycleState(LifecycleState::kReadyToBeDeleted);
PendingDeletionCheckCompleted(); // Can delete |this|.
return;
}
// This frame is being removed by the renderer, and it has already executed
// its unload handler.
SetLifecycleState(LifecycleState::kReadyToBeDeleted);
// Before completing the removal, we still need to wait for all of its
// descendant frames to execute unload handlers. Start executing those
// handlers now.
StartPendingDeletionOnSubtree();
frame_tree()->FrameUnloading(frame_tree_node_);
// Some children with no unload handler may be eligible for immediate
// deletion. Cut the dead branches now. This is a performance optimization.
PendingDeletionCheckCompletedOnSubtree(); // Can delete |this|.
}
void RenderFrameHostImpl::DidFailLoadWithError(const GURL& url,
int32_t error_code) {
TRACE_EVENT2("navigation", "RenderFrameHostImpl::DidFailLoadWithError",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(),
"error", error_code);
GURL validated_url(url);
GetProcess()->FilterURL(false, &validated_url);
frame_tree_node_->navigator().DidFailLoadWithError(this, validated_url,
error_code);
}
void RenderFrameHostImpl::DidFocusFrame() {
// We don't handle this IPC signal for non-active RenderFrameHost.
//
// For RenderFrameHost in BackForwardCache, it is safe to ignore this IPC as
// there is a renderer side check (see Document::IsFocusedAllowed) which
// returns false.
if (lifecycle_state_ != LifecycleState::kActive)
return;
// We need to handle receiving this IPC from a frame that is inside a portal
// despite there being a renderer side check (see Document::IsFocusAllowed).
// This is because the IPC to notify a page that it is inside a portal (see
// WebContentsImpl::NotifyInsidePortal) may race with portal activation, and
// we may run into a situation where a frame inside a portal doesn't know it's
// inside a portal yet and allows focus.
if (InsidePortal())
return;
delegate_->SetFocusedFrame(frame_tree_node_, GetSiteInstance());
}
void RenderFrameHostImpl::DidCallFocus() {
delegate_->DidCallFocus();
}
void RenderFrameHostImpl::DidAddContentSecurityPolicies(
std::vector<network::mojom::ContentSecurityPolicyPtr> policies) {
TRACE_EVENT1("navigation",
"RenderFrameHostImpl::OnDidAddContentSecurityPolicies",
"frame_tree_node", frame_tree_node_->frame_tree_node_id());
std::vector<network::mojom::ContentSecurityPolicyHeaderPtr> headers;
for (auto& policy : policies) {
headers.push_back(policy->header.Clone());
AddContentSecurityPolicy(std::move(policy));
}
frame_tree_node()->AddContentSecurityPolicies(std::move(headers));
}
void RenderFrameHostImpl::CancelInitialHistoryLoad() {
// A Javascript navigation interrupted the initial history load. Check if an
// initial subframe cross-process navigation needs to be canceled as a result.
// TODO(creis, clamy): Cancel any cross-process navigation.
NOTIMPLEMENTED();
}
void RenderFrameHostImpl::DidChangeActiveSchedulerTrackedFeatures(
uint64_t features_mask) {
renderer_reported_scheduler_tracked_features_ = features_mask;
MaybeEvictFromBackForwardCache();
}
void RenderFrameHostImpl::OnSchedulerTrackedFeatureUsed(
blink::scheduler::WebSchedulerTrackedFeature feature) {
browser_reported_scheduler_tracked_features_ |=
1ull << static_cast<uint64_t>(feature);
MaybeEvictFromBackForwardCache();
}
bool RenderFrameHostImpl::IsFrozen() {
// TODO(crbug.com/1081920): Account for non-bfcache freezing here as well.
return lifecycle_state_ == LifecycleState::kInBackForwardCache;
}
void RenderFrameHostImpl::DidCommitProvisionalLoad(
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params> params,
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params) {
if (MaybeInterceptCommitCallback(nullptr, params.get(), &interface_params)) {
DidCommitNavigation(std::move(navigation_request_), std::move(params),
std::move(interface_params));
}
}
void RenderFrameHostImpl::DidCommitBackForwardCacheNavigation(
NavigationRequest* committing_navigation_request,
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params> params) {
auto request = navigation_requests_.find(committing_navigation_request);
CHECK(request != navigation_requests_.end());
std::unique_ptr<NavigationRequest> owned_request = std::move(request->second);
navigation_requests_.erase(committing_navigation_request);
// During a normal (uncached) navigation, is_loading_ is set to true in
// CommitNavigation(). When navigating to a document in the BackForwardCache,
// CommitNavigation() is never called, so we have to set is_loading_ to true
// ourselves.
//
// If is_start_loading_ is set to false, DidCommitNavigationInternal will
// re-fire the DidStartLoading event, which we don't want since it has already
// been fired.
is_loading_ = true;
DidCommitNavigationInternal(std::move(owned_request), std::move(params),
/*is_same_document_navigation=*/false);
// The page is already loaded since it came from the cache, so fire the stop
// loading event.
DidStopLoading();
}
void RenderFrameHostImpl::DidCommitPerNavigationMojoInterfaceNavigation(
NavigationRequest* committing_navigation_request,
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params> params,
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params) {
DCHECK(committing_navigation_request);
committing_navigation_request->IgnoreCommitInterfaceDisconnection();
if (!MaybeInterceptCommitCallback(committing_navigation_request, params.get(),
&interface_params)) {
return;
}
auto request = navigation_requests_.find(committing_navigation_request);
// The committing request should be in the map of NavigationRequests for
// this RenderFrameHost.
CHECK(request != navigation_requests_.end());
std::unique_ptr<NavigationRequest> owned_request = std::move(request->second);
navigation_requests_.erase(committing_navigation_request);
DidCommitNavigation(std::move(owned_request), std::move(params),
std::move(interface_params));
}
void RenderFrameHostImpl::DidCommitSameDocumentNavigation(
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params> params) {
ScopedActiveURL scoped_active_url(params->url,
frame_tree()->root()->current_origin());
ScopedCommitStateResetter commit_state_resetter(this);
// When the frame is pending deletion, the browser is waiting for it to unload
// properly. In the meantime, because of race conditions, it might tries to
// commit a same-document navigation before unloading. Similarly to what is
// done with cross-document navigations, such navigation are ignored. The
// browser already committed to destroying this RenderFrameHost.
// See https://crbug.com/805705 and https://crbug.com/930132.
// TODO(ahemery): Investigate to see if this can be removed when the
// NavigationClient interface is implemented.
// If this is called when the frame is in BackForwardCache, evict the frame
// to avoid ignoring the renderer-initiated navigation, which the frame
// might not expect.
if (IsInactiveAndDisallowReactivation())
return;
TRACE_EVENT2("navigation",
"RenderFrameHostImpl::DidCommitSameDocumentNavigation",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url",
params->url.possibly_invalid_spec());
// Check if the navigation matches a stored same-document NavigationRequest.
// In that case it is browser-initiated.
bool is_browser_initiated =
same_document_navigation_request_ &&
(same_document_navigation_request_->commit_params().navigation_token ==
params->navigation_token);
if (!DidCommitNavigationInternal(
is_browser_initiated ? std::move(same_document_navigation_request_)
: nullptr,
std::move(params), true /* is_same_document_navigation*/)) {
return;
}
// Since we didn't early return, it's safe to keep the commit state.
commit_state_resetter.disable();
}
RenderWidgetHostImpl* RenderFrameHostImpl::GetRenderWidgetHost() {
RenderFrameHostImpl* frame = this;
while (frame) {
if (frame->GetLocalRenderWidgetHost())
return frame->GetLocalRenderWidgetHost();
frame = frame->GetParent();
}
NOTREACHED();
return nullptr;
}
RenderWidgetHostView* RenderFrameHostImpl::GetView() {
return GetRenderWidgetHost()->GetView();
}
GlobalFrameRoutingId RenderFrameHostImpl::GetGlobalFrameRoutingId() {
return GlobalFrameRoutingId(GetProcess()->GetID(), GetRoutingID());
}
bool RenderFrameHostImpl::HasPendingCommitNavigation() const {
return navigation_request_ || same_document_navigation_request_ ||
!navigation_requests_.empty();
}
void RenderFrameHostImpl::ResetNavigationRequests() {
navigation_request_.reset();
same_document_navigation_request_.reset();
navigation_requests_.clear();
}
void RenderFrameHostImpl::SetNavigationRequest(
std::unique_ptr<NavigationRequest> navigation_request) {
DCHECK(navigation_request);
if (NavigationTypeUtils::IsSameDocument(
navigation_request->common_params().navigation_type)) {
same_document_navigation_request_ = std::move(navigation_request);
return;
}
navigation_requests_[navigation_request.get()] =
std::move(navigation_request);
}
void RenderFrameHostImpl::Unload(RenderFrameProxyHost* proxy, bool is_loading) {
// The end of this event is in OnUnloadACK when the RenderFrame has completed
// the operation and sends back an IPC message.
TRACE_EVENT_NESTABLE_ASYNC_BEGIN1("navigation", "RenderFrameHostImpl::Unload",
TRACE_ID_LOCAL(this), "frame_tree_node",
frame_tree_node_->frame_tree_node_id());
// If this RenderFrameHost is already pending deletion, it must have already
// gone through this, therefore just return.
if (IsPendingDeletion()) {
NOTREACHED() << "RFH should be in default state when calling Unload.";
return;
}
if (unload_event_monitor_timeout_ && !do_not_delete_for_testing_) {
unload_event_monitor_timeout_->Start(base::TimeDelta::FromMilliseconds(
RenderViewHostImpl::kUnloadTimeoutMS));
}
// TODO(nasko): If the frame is not live, the RFH should just be deleted by
// simulating the receipt of unload ack.
is_waiting_for_unload_ack_ = true;
if (proxy) {
SetLifecycleState(LifecycleState::kRunningUnloadHandlers);
if (IsRenderFrameLive()) {
Send(new UnfreezableFrameMsg_Unload(
routing_id_, proxy->GetRoutingID(), is_loading,
proxy->frame_tree_node()->current_replication_state(),
proxy->GetFrameToken()));
// Remember that a RenderFrameProxy was created as part of processing the
// Unload message above.
proxy->SetRenderFrameProxyCreated(true);
}
} else {
// RenderDocument: After a local<->local swap, this function is called with
// a null |proxy|.
CHECK(ShouldCreateNewHostForSameSiteSubframe());
// The unload handlers already ran for this document during the
// local<->local swap. Hence, there is no need to send
// UnfreezableFrameMsg_Unload here. It can be marked at completed.
SetLifecycleState(LifecycleState::kReadyToBeDeleted);
}
if (web_ui())
web_ui()->RenderFrameHostUnloading();
web_bluetooth_services_.clear();
StartPendingDeletionOnSubtree();
// Some children with no unload handler may be eligible for deletion. Cut the
// dead branches now. This is a performance optimization.
PendingDeletionCheckCompletedOnSubtree();
// |this| is potentially deleted. Do not add code after this.
}
void RenderFrameHostImpl::DetachFromProxy() {
if (IsPendingDeletion())
return;
// Start pending deletion on this frame and its children.
DeleteRenderFrame(FrameDeleteIntention::kNotMainFrame);
StartPendingDeletionOnSubtree();
frame_tree()->FrameUnloading(frame_tree_node_);
// Some children with no unload handler may be eligible for immediate
// deletion. Cut the dead branches now. This is a performance optimization.
PendingDeletionCheckCompletedOnSubtree(); // May delete |this|.
}
void RenderFrameHostImpl::ProcessBeforeUnloadCompleted(
bool proceed,
bool treat_as_final_completion_callback,
const base::TimeTicks& renderer_before_unload_start_time,
const base::TimeTicks& renderer_before_unload_end_time) {
TRACE_EVENT_NESTABLE_ASYNC_END1(
"navigation", "RenderFrameHostImpl BeforeUnload", TRACE_ID_LOCAL(this),
"FrameTreeNode id", frame_tree_node_->frame_tree_node_id());
// If this renderer navigated while the beforeunload request was in flight, we
// may have cleared this state in DidCommitProvisionalLoad, in which case we
// can ignore this message.
// However renderer might also be swapped out but we still want to proceed
// with navigation, otherwise it would block future navigations. This can
// happen when pending cross-site navigation is canceled by a second one just
// before DidCommitProvisionalLoad while current RVH is waiting for commit
// but second navigation is started from the beginning.
RenderFrameHostImpl* initiator = GetBeforeUnloadInitiator();
if (!initiator)
return;
// Continue processing the ACK in the frame that triggered beforeunload in
// this frame. This could be either this frame itself or an ancestor frame.
initiator->ProcessBeforeUnloadCompletedFromFrame(
proceed, treat_as_final_completion_callback, this,
false /* is_frame_being_destroyed */, renderer_before_unload_start_time,
renderer_before_unload_end_time);
}
RenderFrameHostImpl* RenderFrameHostImpl::GetBeforeUnloadInitiator() {
for (RenderFrameHostImpl* frame = this; frame; frame = frame->GetParent()) {
if (frame->is_waiting_for_beforeunload_completion_)
return frame;
}
return nullptr;
}
void RenderFrameHostImpl::ProcessBeforeUnloadCompletedFromFrame(
bool proceed,
bool treat_as_final_completion_callback,
RenderFrameHostImpl* frame,
bool is_frame_being_destroyed,
const base::TimeTicks& renderer_before_unload_start_time,
const base::TimeTicks& renderer_before_unload_end_time) {
// Check if we need to wait for more beforeunload completion callbacks. If
// |proceed| is false, we know the navigation or window close will be aborted,
// so we don't need to wait for beforeunload completion callbacks from any
// other frames. |treat_as_final_completion_callback| also indicates that we
// shouldn't wait for any other ACKs (e.g., when a beforeunload timeout
// fires).
if (!proceed || treat_as_final_completion_callback) {
beforeunload_pending_replies_.clear();
} else {
beforeunload_pending_replies_.erase(frame);
if (!beforeunload_pending_replies_.empty())
return;
}
DCHECK(!send_before_unload_start_time_.is_null());
// Sets a default value for before_unload_end_time so that the browser
// survives a hacked renderer.
base::TimeTicks before_unload_end_time = renderer_before_unload_end_time;
if (!renderer_before_unload_start_time.is_null() &&
!renderer_before_unload_end_time.is_null()) {
base::TimeTicks before_unload_completed_time = base::TimeTicks::Now();
if (!base::TimeTicks::IsConsistentAcrossProcesses()) {
// TimeTicks is not consistent across processes and we are passing
// TimeTicks across process boundaries so we need to compensate for any
// skew between the processes. Here we are converting the renderer's
// notion of before_unload_end_time to TimeTicks in the browser process.
// See comments in inter_process_time_ticks_converter.h for more.
InterProcessTimeTicksConverter converter(
LocalTimeTicks::FromTimeTicks(send_before_unload_start_time_),
LocalTimeTicks::FromTimeTicks(before_unload_completed_time),
RemoteTimeTicks::FromTimeTicks(renderer_before_unload_start_time),
RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
LocalTimeTicks browser_before_unload_end_time =
converter.ToLocalTimeTicks(
RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
before_unload_end_time = browser_before_unload_end_time.ToTimeTicks();
}
base::TimeDelta on_before_unload_overhead_time =
(before_unload_completed_time - send_before_unload_start_time_) -
(renderer_before_unload_end_time - renderer_before_unload_start_time);
UMA_HISTOGRAM_TIMES("Navigation.OnBeforeUnloadOverheadTime",
on_before_unload_overhead_time);
frame_tree_node_->navigator().LogBeforeUnloadTime(
renderer_before_unload_start_time, renderer_before_unload_end_time,
send_before_unload_start_time_);
}
// Resets beforeunload waiting state.
is_waiting_for_beforeunload_completion_ = false;
has_shown_beforeunload_dialog_ = false;
if (beforeunload_timeout_)
beforeunload_timeout_->Stop();
send_before_unload_start_time_ = base::TimeTicks();
// If the ACK is for a navigation, send it to the Navigator to have the
// current navigation stop/proceed. Otherwise, send it to the
// RenderFrameHostManager which handles closing.
if (unload_ack_is_for_navigation_) {
frame_tree_node_->navigator().BeforeUnloadCompleted(
frame_tree_node_, proceed, before_unload_end_time);
} else {
// We could reach this from a subframe destructor for |frame| while we're
// in the middle of closing the current tab. In that case, dispatch the
// ACK to prevent re-entrancy and a potential nested attempt to free the
// current frame. See https://crbug.com/866382.
base::OnceClosure task = base::BindOnce(
[](base::WeakPtr<RenderFrameHostImpl> self,
const base::TimeTicks& before_unload_end_time, bool proceed) {
if (!self)
return;
self->frame_tree_node()->render_manager()->BeforeUnloadCompleted(
proceed, before_unload_end_time);
},
weak_ptr_factory_.GetWeakPtr(), before_unload_end_time, proceed);
if (is_frame_being_destroyed) {
DCHECK(proceed);
base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, std::move(task));
} else {
std::move(task).Run();
}
}
// If canceled, notify the delegate to cancel its pending navigation entry.
// This is usually redundant with the dialog closure code in WebContentsImpl's
// OnDialogClosed, but there may be some cases that Blink returns !proceed
// without showing the dialog. We also update the address bar here to be safe.
if (!proceed)
delegate_->DidCancelLoading();
}
bool RenderFrameHostImpl::IsWaitingForUnloadACK() const {
return render_view_host_->is_waiting_for_page_close_completion_ ||
is_waiting_for_unload_ack_;
}
bool RenderFrameHostImpl::BeforeUnloadTimedOut() const {
return beforeunload_timeout_ &&
(send_before_unload_start_time_ != base::TimeTicks()) &&
(base::TimeTicks::Now() - send_before_unload_start_time_) >
beforeunload_timeout_delay_;
}
void RenderFrameHostImpl::OnUnloadACK() {
if (frame_tree_node_->render_manager()->is_attaching_inner_delegate()) {
// This RFH was unloaded while attaching an inner delegate. The RFH
// will stay around but it will no longer be associated with a RenderFrame.
SetRenderFrameCreated(false);
return;
}
// Ignore spurious unload ack.
if (!is_waiting_for_unload_ack_)
return;
// Ignore OnUnloadACK if the RenderFrameHost should be left in pending
// deletion state.
if (do_not_delete_for_testing_)
return;
DCHECK_EQ(LifecycleState::kRunningUnloadHandlers, lifecycle_state_);
SetLifecycleState(LifecycleState::kReadyToBeDeleted);
PendingDeletionCheckCompleted(); // Can delete |this|.
}
void RenderFrameHostImpl::OnUnloaded() {
DCHECK(is_waiting_for_unload_ack_);
TRACE_EVENT_NESTABLE_ASYNC_END0("navigation", "RenderFrameHostImpl::Unload",
TRACE_ID_LOCAL(this));
if (unload_event_monitor_timeout_)
unload_event_monitor_timeout_->Stop();
ClearWebUI();
bool deleted =
frame_tree_node_->render_manager()->DeleteFromPendingList(this);
CHECK(deleted);
}
void RenderFrameHostImpl::DisableUnloadTimerForTesting() {
unload_event_monitor_timeout_.reset();
}
void RenderFrameHostImpl::SetSubframeUnloadTimeoutForTesting(
const base::TimeDelta& timeout) {
subframe_unload_timeout_ = timeout;
}
void RenderFrameHostImpl::OnContextMenu(
const UntrustworthyContextMenuParams& params) {
if (IsInactiveAndDisallowReactivation())
return;
// Validate the URLs in |params|. If the renderer can't request the URLs
// directly, don't show them in the context menu.
ContextMenuParams validated_params(params);
validated_params.page_url = GetMainFrame()->GetLastCommittedURL();
if (GetParent()) // Only populate |frame_url| for subframes.
validated_params.frame_url = GetLastCommittedURL();
// We don't validate |unfiltered_link_url| so that this field can be used
// when users want to copy the original link URL.
RenderProcessHost* process = GetProcess();
process->FilterURL(true, &validated_params.link_url);
process->FilterURL(true, &validated_params.src_url);
process->FilterURL(false, &validated_params.page_url);
process->FilterURL(true, &validated_params.frame_url);
// It is necessary to transform the coordinates to account for nested
// RenderWidgetHosts, such as with out-of-process iframes.
gfx::Point original_point(validated_params.x, validated_params.y);
gfx::Point transformed_point =
static_cast<RenderWidgetHostViewBase*>(GetView())
->TransformPointToRootCoordSpace(original_point);
validated_params.x = transformed_point.x();
validated_params.y = transformed_point.y();
if (validated_params.selection_start_offset < 0) {
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_NEGATIVE_SELECTION_START_OFFSET);
}
delegate_->ShowContextMenu(this, validated_params);
}
#if defined(OS_ANDROID)
void RenderFrameHostImpl::RequestSmartClipExtract(
ExtractSmartClipDataCallback callback,
gfx::Rect rect) {
int32_t callback_id = smart_clip_callbacks_.Add(
std::make_unique<ExtractSmartClipDataCallback>(std::move(callback)));
frame_->ExtractSmartClipData(
rect, base::BindOnce(&RenderFrameHostImpl::OnSmartClipDataExtracted,
base::Unretained(this), callback_id));
}
void RenderFrameHostImpl::OnSmartClipDataExtracted(int32_t callback_id,
const base::string16& text,
const base::string16& html,
const gfx::Rect& clip_rect) {
std::move(*smart_clip_callbacks_.Lookup(callback_id))
.Run(text, html, clip_rect);
smart_clip_callbacks_.Remove(callback_id);
}
#endif // defined(OS_ANDROID)
void RenderFrameHostImpl::RunModalAlertDialog(
const base::string16& alert_message,
RunModalAlertDialogCallback response_callback) {
auto dialog_closed_callback = base::BindOnce(
[](RunModalAlertDialogCallback response_callback, bool success,
const base::string16& response) {
// The response string is unused but we use a generic mechanism for
// closing the javascript dialog that returns two arguments.
std::move(response_callback).Run();
},
std::move(response_callback));
RunJavaScriptDialog(alert_message, base::string16(),
JAVASCRIPT_DIALOG_TYPE_ALERT,
std::move(dialog_closed_callback));
}
void RenderFrameHostImpl::RunModalConfirmDialog(
const base::string16& alert_message,
RunModalConfirmDialogCallback response_callback) {
auto dialog_closed_callback = base::BindOnce(
[](RunModalConfirmDialogCallback response_callback, bool success,
const base::string16& response) {
// The response string is unused but we use a generic mechanism for
// closing the javascript dialog that returns two arguments.
std::move(response_callback).Run(success);
},
std::move(response_callback));
RunJavaScriptDialog(alert_message, base::string16(),
JAVASCRIPT_DIALOG_TYPE_CONFIRM,
std::move(dialog_closed_callback));
}
void RenderFrameHostImpl::RunModalPromptDialog(
const base::string16& alert_message,
const base::string16& default_value,
RunModalPromptDialogCallback response_callback) {
RunJavaScriptDialog(alert_message, default_value,
JAVASCRIPT_DIALOG_TYPE_PROMPT,
std::move(response_callback));
}
void RenderFrameHostImpl::RunJavaScriptDialog(
const base::string16& message,
const base::string16& default_prompt,
JavaScriptDialogType dialog_type,
JavaScriptDialogCallback ipc_response_callback) {
// Don't show the dialog if it's triggered on a non-active RenderFrameHost.
// This happens when the RenderFrameHost is pending deletion or in the
// back-forward cache.
if (lifecycle_state_ != LifecycleState::kActive) {
std::move(ipc_response_callback).Run(true, base::string16());
return;
}
// While a JS message dialog is showing, tabs in the same process shouldn't
// process input events.
GetProcess()->SetBlocked(true);
delegate_->RunJavaScriptDialog(
this, message, default_prompt, dialog_type,
base::BindOnce(&RenderFrameHostImpl::JavaScriptDialogClosed,
weak_ptr_factory_.GetWeakPtr(),
std::move(ipc_response_callback)));
}
void RenderFrameHostImpl::RunBeforeUnloadConfirm(
bool is_reload,
RunBeforeUnloadConfirmCallback ipc_response_callback) {
TRACE_EVENT1("navigation", "RenderFrameHostImpl::OnRunBeforeUnloadConfirm",
"frame_tree_node", frame_tree_node_->frame_tree_node_id());
// Allow at most one attempt to show a beforeunload dialog per navigation.
RenderFrameHostImpl* beforeunload_initiator = GetBeforeUnloadInitiator();
if (beforeunload_initiator) {
// If the running beforeunload handler wants to display a dialog and the
// before-unload type wants to ignore it, then short-circuit the request and
// respond as if the user decided to stay on the page, canceling the unload.
if (beforeunload_initiator->beforeunload_dialog_request_cancels_unload_) {
std::move(ipc_response_callback).Run(/*success=*/false);
return;
}
if (beforeunload_initiator->has_shown_beforeunload_dialog_) {
// TODO(alexmos): Pass enough data back to renderer to record histograms
// for Document.BeforeUnloadDialog and add the intervention console
// message to match renderer-side behavior in
// Document::DispatchBeforeUnloadEvent().
std::move(ipc_response_callback).Run(/*success=*/true);
return;
}
beforeunload_initiator->has_shown_beforeunload_dialog_ = true;
} else {
// TODO(alexmos): If a renderer-initiated beforeunload shows a dialog, it
// won't find a |beforeunload_initiator|. This can happen for a
// renderer-initiated navigation or window.close(). We should ensure that
// when the browser process later kicks off subframe unload handlers (if
// any), they won't be able to show additional dialogs. However, we can't
// just set |has_shown_beforeunload_dialog_| because we don't know which
// frame is navigating/closing here. Plumb enough information here to fix
// this.
}
// While a JS beforeunload dialog is showing, tabs in the same process
// shouldn't process input events.
GetProcess()->SetBlocked(true);
// The beforeunload dialog for this frame may have been triggered by a
// browser-side request to this frame or a frame up in the frame hierarchy.
// Stop any timers that are waiting.
for (RenderFrameHostImpl* frame = this; frame; frame = frame->GetParent()) {
if (frame->beforeunload_timeout_)
frame->beforeunload_timeout_->Stop();
}
auto ipc_callback_wrapper = base::BindOnce(
[](RunBeforeUnloadConfirmCallback response_callback, bool success,
const base::string16& response) {
// The response string is unused but we use a generic mechanism for
// closing the javascript dialog that returns two arguments.
std::move(response_callback).Run(success);
},
std::move(ipc_response_callback));
auto dialog_closed_callback = base::BindOnce(
&RenderFrameHostImpl::JavaScriptDialogClosed,
weak_ptr_factory_.GetWeakPtr(), std::move(ipc_callback_wrapper));
delegate_->RunBeforeUnloadConfirm(this, is_reload,
std::move(dialog_closed_callback));
}
void RenderFrameHostImpl::ScaleFactorChanged(float scale) {
delegate_->OnPageScaleFactorChanged(this, scale);
}
void RenderFrameHostImpl::ContentsPreferredSizeChanged(
const gfx::Size& pref_size) {
render_view_host_->OnDidContentsPreferredSizeChange(pref_size);
}
void RenderFrameHostImpl::TextAutosizerPageInfoChanged(
blink::mojom::TextAutosizerPageInfoPtr page_info) {
delegate_->OnTextAutosizerPageInfoChanged(this, std::move(page_info));
}
void RenderFrameHostImpl::FocusPage() {
render_view_host_->OnFocus();
}
void RenderFrameHostImpl::UpdateTargetURL(
const GURL& url,
blink::mojom::LocalMainFrameHost::UpdateTargetURLCallback callback) {
delegate_->UpdateTargetURL(this, url);
std::move(callback).Run();
}
void RenderFrameHostImpl::UpdateFaviconURL(
std::vector<blink::mojom::FaviconURLPtr> favicon_urls) {
delegate_->UpdateFaviconURL(this, std::move(favicon_urls));
}
void RenderFrameHostImpl::DownloadURL(
blink::mojom::DownloadURLParamsPtr blink_parameters) {
if (!VerifyDownloadUrlParams(GetSiteInstance(), *blink_parameters))
return;
net::NetworkTrafficAnnotationTag traffic_annotation =
net::DefineNetworkTrafficAnnotation("renderer_initiated_download", R"(
semantics {
sender: "Download from Renderer"
description:
"The frame has either navigated to a URL that was determined to be "
"a download via one of the renderer's classification mechanisms, "
"or WebView has requested a <canvas> or <img> element at a "
"specific location be to downloaded."
trigger:
"The user navigated to a destination that was categorized as a "
"download, or WebView triggered saving a <canvas> or <img> tag."
data: "Only the URL we are attempting to download."
destination: WEBSITE
}
policy {
cookies_allowed: YES
cookies_store: "user"
setting: "This feature cannot be disabled by settings."
chrome_policy {
DownloadRestrictions {
DownloadRestrictions: 3
}
}
})");
std::unique_ptr<download::DownloadUrlParameters> parameters(
new download::DownloadUrlParameters(blink_parameters->url,
GetProcess()->GetID(),
GetRenderViewHost()->GetRoutingID(),
GetRoutingID(), traffic_annotation));
parameters->set_content_initiated(true);
parameters->set_suggested_name(
blink_parameters->suggested_name.value_or(base::string16()));
parameters->set_prompt(false);
parameters->set_cross_origin_redirects(
blink_parameters->cross_origin_redirects);
parameters->set_referrer(
blink_parameters->referrer ? blink_parameters->referrer->url : GURL());
parameters->set_referrer_policy(Referrer::ReferrerPolicyForUrlRequest(
blink_parameters->referrer ? blink_parameters->referrer->policy
: network::mojom::ReferrerPolicy::kDefault));
parameters->set_initiator(
blink_parameters->initiator_origin.value_or(url::Origin()));
parameters->set_download_source(download::DownloadSource::FROM_RENDERER);
if (blink_parameters->data_url_blob) {
DataURLBlobReader::ReadDataURLFromBlob(
std::move(blink_parameters->data_url_blob),
base::BindOnce(&OnDataURLRetrieved, std::move(parameters)));
return;
}
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory;
if (blink_parameters->blob_url_token) {
blob_url_loader_factory =
ChromeBlobStorageContext::URLLoaderFactoryForToken(
GetStoragePartition(), std::move(blink_parameters->blob_url_token));
}
StartDownload(std::move(parameters), std::move(blob_url_loader_factory));
}
void RenderFrameHostImpl::ReportNoBinderForInterface(const std::string& error) {
broker_receiver_.ReportBadMessage(error + " for the frame/document scope");
}
ukm::SourceId RenderFrameHostImpl::GetPageUkmSourceId() {
int64_t navigation_id =
GetMainFrame()->last_committed_cross_document_navigation_id_;
if (navigation_id == -1)
return ukm::kInvalidSourceId;
return ukm::ConvertToSourceId(navigation_id,
ukm::SourceIdType::NAVIGATION_ID);
}
BrowserContext* RenderFrameHostImpl::GetBrowserContext() {
return GetProcess()->GetBrowserContext();
}
// TODO(crbug.com/1091720): Would be better to do this directly in the chrome
// layer. See referenced bug for further details.
void RenderFrameHostImpl::ReportHeavyAdIssue(
blink::mojom::HeavyAdResolutionStatus resolution,
blink::mojom::HeavyAdReason reason) {
auto issue =
devtools_instrumentation::GetHeavyAdIssue(this, resolution, reason);
devtools_instrumentation::ReportBrowserInitiatedIssue(this, issue.get());
}
void RenderFrameHostImpl::AsValueInto(
base::trace_event::TracedValue* traced_value) {
traced_value->SetPointer("this", this);
traced_value->SetInteger("process_id", GetProcess()->GetID());
traced_value->SetInteger("render_frame_id", GetRoutingID());
traced_value->SetString("lifecycle_state",
LifecycleStateToString(lifecycle_state_));
traced_value->SetString(
"origin", base::trace_event::ValueToString(GetLastCommittedOrigin()));
traced_value->SetString(
"url", base::trace_event::ValueToString(GetLastCommittedURL()));
traced_value->SetInteger("frame_tree_node_id",
frame_tree_node_->frame_tree_node_id());
traced_value->SetInteger("site_instance_id", GetSiteInstance()->GetId());
traced_value->SetInteger("browsing_instance_id",
GetSiteInstance()->GetBrowsingInstanceId());
traced_value->BeginDictionary("parent");
if (GetParent()) {
GetParent()->AsValueInto(traced_value);
}
traced_value->EndDictionary();
}
StoragePartition* RenderFrameHostImpl::GetStoragePartition() {
return BrowserContext::GetStoragePartition(GetBrowserContext(),
GetSiteInstance());
}
void RenderFrameHostImpl::RequestTextSurroundingSelection(
blink::mojom::LocalFrame::GetTextSurroundingSelectionCallback callback,
int max_length) {
DCHECK(!callback.is_null());
GetAssociatedLocalFrame()->GetTextSurroundingSelection(max_length,
std::move(callback));
}
bool RenderFrameHostImpl::HasCommittingNavigationRequestForOrigin(
const url::Origin& origin,
NavigationRequest* navigation_request_to_exclude) {
if (navigation_request_ &&
navigation_request_.get() != navigation_request_to_exclude &&
navigation_request_->HasCommittingOrigin(origin)) {
return true;
}
for (const auto& it : navigation_requests_) {
NavigationRequest* request = it.first;
if (request != navigation_request_to_exclude &&
request->HasCommittingOrigin(origin)) {
return true;
}
}
// Note: this function excludes |same_document_navigation_request_|, which
// should be ok since these cannot change the origin.
return false;
}
void RenderFrameHostImpl::SendInterventionReport(const std::string& id,
const std::string& message) {
GetAssociatedLocalFrame()->SendInterventionReport(id, message);
}
WebUI* RenderFrameHostImpl::GetWebUI() {
return web_ui();
}
void RenderFrameHostImpl::AllowBindings(int bindings_flags) {
// Never grant any bindings to browser plugin guests.
if (GetProcess()->IsForGuestsOnly()) {
NOTREACHED() << "Never grant bindings to a guest process.";
return;
}
TRACE_EVENT2("navigation", "RenderFrameHostImpl::AllowBindings",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(),
"bindings flags", bindings_flags);
int webui_bindings = bindings_flags & kWebUIBindingsPolicyMask;
// TODO(nasko): Ensure callers that specify non-zero WebUI bindings are
// doing so on a RenderFrameHost that has WebUI associated with it.
// The bindings being granted here should not differ from the bindings that
// the associated WebUI requires.
if (web_ui_)
CHECK_EQ(web_ui_->GetBindings(), webui_bindings);
// Ensure we aren't granting WebUI bindings to a process that has already
// been used for non-privileged views.
if (webui_bindings && GetProcess()->IsInitializedAndNotDead() &&
!ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
GetProcess()->GetID())) {
// This process has no bindings yet. Make sure it does not have more
// than this single active view.
// --single-process only has one renderer.
if (GetProcess()->GetActiveViewCount() > 1 &&
!base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kSingleProcess))
return;
}
if (webui_bindings) {
ChildProcessSecurityPolicyImpl::GetInstance()->GrantWebUIBindings(
GetProcess()->GetID(), webui_bindings);
}
enabled_bindings_ |= bindings_flags;
if (render_frame_created_) {
GetFrameBindingsControl()->AllowBindings(enabled_bindings_);
if (web_ui_ && enabled_bindings_ & BINDINGS_POLICY_WEB_UI)
web_ui_->SetupMojoConnection();
}
}
int RenderFrameHostImpl::GetEnabledBindings() {
return enabled_bindings_;
}
void RenderFrameHostImpl::SetWebUIProperty(const std::string& name,
const std::string& value) {
// WebUI allows to register SetProperties only for the main frame.
if (GetParent())
return;
// This is a sanity check before telling the renderer to enable the property.
// It could lie and send the corresponding IPC messages anyway, but we will
// not act on them if enabled_bindings_ doesn't agree. If we get here without
// WebUI bindings, terminate the renderer process.
if (enabled_bindings_ & BINDINGS_POLICY_WEB_UI)
web_ui_->SetProperty(name, value);
else
ReceivedBadMessage(GetProcess(), bad_message::RVH_WEB_UI_BINDINGS_MISMATCH);
}
void RenderFrameHostImpl::DisableBeforeUnloadHangMonitorForTesting() {
beforeunload_timeout_.reset();
}
bool RenderFrameHostImpl::IsBeforeUnloadHangMonitorDisabledForTesting() {
return !beforeunload_timeout_;
}
void RenderFrameHostImpl::DoNotDeleteForTesting() {
do_not_delete_for_testing_ = true;
}
void RenderFrameHostImpl::ResumeDeletionForTesting() {
do_not_delete_for_testing_ = false;
}
void RenderFrameHostImpl::DetachForTesting() {
do_not_delete_for_testing_ = false;
RenderFrameHostImpl::Detach();
}
bool RenderFrameHostImpl::IsFeatureEnabled(
blink::mojom::FeaturePolicyFeature feature) {
return feature_policy_ && feature_policy_->IsFeatureEnabledForOrigin(
feature, GetLastCommittedOrigin());
}
bool RenderFrameHostImpl::IsFeatureEnabled(
blink::mojom::DocumentPolicyFeature feature) {
blink::mojom::PolicyValueType feature_type =
blink::GetDocumentPolicyFeatureInfoMap().at(feature).default_value.Type();
return IsFeatureEnabled(
feature, blink::PolicyValue::CreateMaxPolicyValue(feature_type));
}
bool RenderFrameHostImpl::IsFeatureEnabled(
blink::mojom::DocumentPolicyFeature feature,
blink::PolicyValue threshold_value) {
return document_policy_ &&
document_policy_->IsFeatureEnabled(feature, threshold_value);
}
void RenderFrameHostImpl::ViewSource() {
delegate_->ViewSource(this);
}
void RenderFrameHostImpl::FlushNetworkAndNavigationInterfacesForTesting() {
DCHECK(network_service_disconnect_handler_holder_);
network_service_disconnect_handler_holder_.FlushForTesting(); // IN-TEST
if (!navigation_control_)
GetNavigationControl();
DCHECK(navigation_control_);
navigation_control_.FlushForTesting(); // IN-TEST
}
void RenderFrameHostImpl::PrepareForInnerWebContentsAttach(
PrepareForInnerWebContentsAttachCallback callback) {
frame_tree_node_->render_manager()->PrepareForInnerDelegateAttach(
std::move(callback));
}
void RenderFrameHostImpl::UpdateSubresourceLoaderFactories() {
// We only send loader factory bundle upon navigation, so
// bail out if the frame hasn't committed any yet.
if (!has_committed_any_navigation_)
return;
DCHECK(!IsOutOfProcessNetworkService() ||
network_service_disconnect_handler_holder_.is_bound());
// We use the last committed Origin and ClientSecurityState. If the caller
// wanted a factory associated to a navigation about to commit, the params
// generated won't be correct. There is no good way of fixing this before
// RenderDocumentHost (ie swapping RenderFrameHost on each navigation).
mojo::PendingRemote<network::mojom::URLLoaderFactory> default_factory_remote;
bool bypass_redirect_checks = false;
if (recreate_default_url_loader_factory_after_network_service_crash_) {
bypass_redirect_checks = CreateNetworkServiceDefaultFactory(
default_factory_remote.InitWithNewPipeAndPassReceiver());
}
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
subresource_loader_factories =
std::make_unique<blink::PendingURLLoaderFactoryBundle>(
std::move(default_factory_remote),
blink::PendingURLLoaderFactoryBundle::SchemeMap(),
CreateURLLoaderFactoriesForIsolatedWorlds(
GetExpectedMainWorldOriginForUrlLoaderFactory(),
isolated_worlds_requiring_separate_url_loader_factory_,
mojo::Clone(last_committed_client_security_state_),
DetermineAfterCommitWhetherToForbidTrustTokenRedemption(
this)),
bypass_redirect_checks);
GetNavigationControl()->UpdateSubresourceLoaderFactories(
std::move(subresource_loader_factories));
}
blink::mojom::FrameOwnerElementType
RenderFrameHostImpl::GetFrameOwnerElementType() {
return frame_tree_node_->frame_owner_element_type();
}
bool RenderFrameHostImpl::HasTransientUserActivation() {
return frame_tree_node_->HasTransientUserActivation();
}
void RenderFrameHostImpl::DidAccessInitialDocument() {
delegate_->DidAccessInitialDocument();
}
void RenderFrameHostImpl::DidChangeName(const std::string& name,
const std::string& unique_name) {
if (GetParent() != nullptr) {
// TODO(lukasza): Call ReceivedBadMessage when |unique_name| is empty.
DCHECK(!unique_name.empty());
}
TRACE_EVENT2("navigation", "RenderFrameHostImpl::OnDidChangeName",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(),
"name length", name.length());
std::string old_name = frame_tree_node()->frame_name();
frame_tree_node()->SetFrameName(name, unique_name);
if (old_name.empty() && !name.empty())
frame_tree_node_->render_manager()->CreateProxiesForNewNamedFrame();
delegate_->DidChangeName(this, name);
}
void RenderFrameHostImpl::DidSetFramePolicyHeaders(
network::mojom::WebSandboxFlags sandbox_flags,
const blink::ParsedFeaturePolicy& feature_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header) {
// TODO(https://crbug.com/1093268): Investigate why this IPC can be received
// before the navigation commit. This can be triggered when loading an error
// page using the test:
// CrossOriginOpenerPolicyBrowserTest.NetworkErrorOnSandboxedPopups.
if (lifecycle_state() == LifecycleState::kSpeculative)
return;
// We should not be updating policy headers when the RenderFrameHost is in
// BackForwardCache. If this is called when the RenderFrameHost is in
// BackForwardCache, evict the document.
if (IsInactiveAndDisallowReactivation())
return;
// We shouldn't update policy headers for non-current frames.
DCHECK(IsCurrent());
// Rebuild |feature_policy_| for this frame.
ResetFeaturePolicy();
feature_policy_->SetHeaderPolicy(feature_policy_header);
// Rebuild |document_policy_| for this frame.
// Note: document_policy_header is the document policy state used to
// initialize |document_policy_| in SecurityContext on renderer side. It is
// supposed to be compatible with required_document_policy. If not, kill the
// renderer.
if (blink::DocumentPolicy::IsPolicyCompatible(
frame_tree_node()->effective_frame_policy().required_document_policy,
document_policy_header)) {
document_policy_ = blink::DocumentPolicy::CreateWithHeaderPolicy(
{document_policy_header, {} /* endpoint_map */});
} else {
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_BAD_DOCUMENT_POLICY_HEADER);
return;
}
// Update the feature policy and sandbox flags in the frame tree. This will
// send any updates to proxies if necessary.
//
// Feature policy's inheritance from parent frame's feature policy is through
// accessing parent frame's security context(either remote or local) when
// initializing child's security context, so the update to proxies is needed.
//
// Document policy's inheritance from parent frame's required document policy
// is done at |HTMLFrameOwnerElement::UpdateRequiredPolicy|. Parent frame owns
// both parent required document policy and child frame's frame owner element
// which contains child's required document policy, so there is no need to
// store required document policy in proxies.
frame_tree_node()->UpdateFramePolicyHeaders(sandbox_flags,
feature_policy_header);
// Save a copy of the now-active sandbox flags on this RFHI.
active_sandbox_flags_ = frame_tree_node()->active_sandbox_flags();
CheckSandboxFlags();
}
void RenderFrameHostImpl::EnforceInsecureRequestPolicy(
blink::mojom::InsecureRequestPolicy policy) {
frame_tree_node()->SetInsecureRequestPolicy(policy);
}
void RenderFrameHostImpl::EnforceInsecureNavigationsSet(
const std::vector<uint32_t>& set) {
frame_tree_node()->SetInsecureNavigationsSet(set);
}
RenderFrameHostImpl* RenderFrameHostImpl::FindAndVerifyChild(
int32_t child_frame_routing_id,
bad_message::BadMessageReason reason) {
auto child_frame_or_proxy = LookupRenderFrameHostOrProxy(
GetProcess()->GetID(), child_frame_routing_id);
return FindAndVerifyChildInternal(child_frame_or_proxy, reason);
}
RenderFrameHostImpl* RenderFrameHostImpl::FindAndVerifyChild(
const base::UnguessableToken& child_frame_token,
bad_message::BadMessageReason reason) {
auto child_frame_or_proxy =
LookupRenderFrameHostOrProxy(GetProcess()->GetID(), child_frame_token);
return FindAndVerifyChildInternal(child_frame_or_proxy, reason);
}
RenderFrameHostImpl* RenderFrameHostImpl::FindAndVerifyChildInternal(
RenderFrameHostOrProxy child_frame_or_proxy,
bad_message::BadMessageReason reason) {
// A race can result in |child| to be nullptr. Avoid killing the renderer in
// that case.
if (!child_frame_or_proxy)
return nullptr;
if (child_frame_or_proxy.GetFrameTreeNode()->frame_tree() != frame_tree()) {
// Ignore the cases when the child lives in a different frame tree.
// This is possible when we create a proxy for inner WebContents (e.g.
// for portals) so the |child_frame_or_proxy| points to the root frame
// of the nested WebContents, which is in a different tree.
// TODO(altimin, lfg): Reconsider what the correct behaviour here should be.
return nullptr;
}
if (child_frame_or_proxy.GetFrameTreeNode()->parent() != this) {
bad_message::ReceivedBadMessage(GetProcess(), reason);
return nullptr;
}
return child_frame_or_proxy.proxy
? child_frame_or_proxy.proxy->frame_tree_node()
->current_frame_host()
: child_frame_or_proxy.frame;
}
void RenderFrameHostImpl::UpdateTitle(
const base::Optional<::base::string16>& title,
base::i18n::TextDirection title_direction) {
// This message should only be sent for top-level frames.
if (!is_main_frame())
return;
base::string16 received_title;
if (title.has_value())
received_title = title.value();
if (received_title.length() > blink::mojom::kMaxTitleChars) {
mojo::ReportBadMessage("Renderer sent too many characters in title.");
return;
}
delegate_->UpdateTitle(this, received_title, title_direction);
}
void RenderFrameHostImpl::UpdateEncoding(const std::string& encoding_name) {
// This message is only sent for top-level frames. TODO(avi): when frame tree
// mirroring works correctly, add a check here to enforce it.
if (encoding_name == last_reported_encoding_)
return;
last_reported_encoding_ = encoding_name;
canonical_encoding_ =
base::GetCanonicalEncodingNameByAliasName(encoding_name);
}
void RenderFrameHostImpl::FrameSizeChanged(const gfx::Size& frame_size) {
frame_size_ = frame_size;
delegate_->FrameSizeChanged(this, frame_size);
}
void RenderFrameHostImpl::FullscreenStateChanged(bool is_fullscreen) {
if (IsInactiveAndDisallowReactivation())
return;
delegate_->FullscreenStateChanged(this, is_fullscreen);
}
void RenderFrameHostImpl::RegisterProtocolHandler(const std::string& scheme,
const GURL& url,
const base::string16& title,
bool user_gesture) {
delegate_->RegisterProtocolHandler(this, scheme, url, title, user_gesture);
}
void RenderFrameHostImpl::UnregisterProtocolHandler(const std::string& scheme,
const GURL& url,
bool user_gesture) {
delegate_->UnregisterProtocolHandler(this, scheme, url, user_gesture);
}
void RenderFrameHostImpl::DidDisplayInsecureContent() {
delegate_->DidDisplayInsecureContent();
}
void RenderFrameHostImpl::DidContainInsecureFormAction() {
delegate_->DidContainInsecureFormAction();
}
void RenderFrameHostImpl::DocumentAvailableInMainFrame(
bool uses_temporary_zoom_level) {
if (!frame_tree_node_->IsMainFrame()) {
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_INVALID_CALL_FROM_NOT_MAIN_FRAME);
return;
}
delegate_->DocumentAvailableInMainFrame();
if (!uses_temporary_zoom_level)
return;
#if !defined(OS_ANDROID)
HostZoomMapImpl* host_zoom_map =
static_cast<HostZoomMapImpl*>(HostZoomMap::Get(GetSiteInstance()));
host_zoom_map->SetTemporaryZoomLevel(GetProcess()->GetID(),
render_view_host()->GetRoutingID(),
host_zoom_map->GetDefaultZoomLevel());
#endif // !defined(OS_ANDROID)
}
void RenderFrameHostImpl::SetNeedsOcclusionTracking(bool needs_tracking) {
// Do not update the parent on behalf of inactive RenderFrameHost. See also
// https://crbug.com/972566.
if (IsInactiveAndDisallowReactivation())
return;
RenderFrameProxyHost* proxy =
frame_tree_node()->render_manager()->GetProxyToParent();
if (!proxy) {
bad_message::ReceivedBadMessage(GetProcess(),
bad_message::RFH_NO_PROXY_TO_PARENT);
return;
}
proxy->GetAssociatedRemoteFrame()->SetNeedsOcclusionTracking(needs_tracking);
}
void RenderFrameHostImpl::SetVirtualKeyboardOverlayPolicy(
bool vk_overlays_content) {
should_virtual_keyboard_overlay_content_ = vk_overlays_content;
}
bool RenderFrameHostImpl::ShouldVirtualKeyboardOverlayContent() const {
RenderFrameHostImpl* root_frame_host =
frame_tree_->root()->current_frame_host();
return root_frame_host->should_virtual_keyboard_overlay_content_;
}
void RenderFrameHostImpl::NotifyVirtualKeyboardOverlayRect(
const gfx::Rect& keyboard_rect) {
DCHECK(ShouldVirtualKeyboardOverlayContent());
RenderFrameHostImpl* root_frame_host =
frame_tree_->root()->current_frame_host();
RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
root_frame_host->render_view_host_->GetWidget()->GetView());
if (!view)
return;
gfx::PointF root_widget_origin(0.f, 0.f);
view->TransformPointToRootSurface(&root_widget_origin);
gfx::Rect root_widget_rect;
if (!keyboard_rect.IsEmpty()) {
// If the rect is non-empty, we need to transform it to be widget-relative
// window (DIP coordinates). The input is client coordinates for the root
// window.
// Transform the widget rect origin to root relative coords.
root_widget_rect = gfx::Rect(root_widget_origin.x(), root_widget_origin.y(),
view->GetViewBounds().width(),
view->GetViewBounds().height());
// Intersect with the keyboard rect and transform back to widget-relative
// coordinates, which will be sent to the renderer.
root_widget_rect.Intersect(keyboard_rect);
root_widget_rect.Offset(-root_widget_origin.x(), -root_widget_origin.y());
}
// Notify each SiteInstance a single time. Renderer will take care of ensuring
// the event is dispatched to all relevant listeners in the grouping of frames
// for the SiteInstance.
// TODO(snianu): Transform from the main frame's coordinates to each
// individual frame client coordinates so that these are more usable from
// within iframes.
std::set<SiteInstance*> notified_instances;
for (RenderFrameHostImpl* node = this; node; node = node->GetParent()) {
SiteInstance* site_instance = node->GetSiteInstance();
if (base::Contains(notified_instances, site_instance))
continue;
node->GetAssociatedLocalFrame()->NotifyVirtualKeyboardOverlayRect(
root_widget_rect);
notified_instances.insert(site_instance);
}
}
#if defined(OS_ANDROID)
void RenderFrameHostImpl::UpdateUserGestureCarryoverInfo() {
delegate_->UpdateUserGestureCarryoverInfo();
}
#endif
void RenderFrameHostImpl::VisibilityChanged(
blink::mojom::FrameVisibility visibility) {
visibility_ = visibility;
}
void RenderFrameHostImpl::DidChangeThemeColor(
const base::Optional<SkColor>& theme_color) {
render_view_host_->OnThemeColorChanged(this, theme_color);
}
void RenderFrameHostImpl::DidChangeBackgroundColor(
const SkColor& background_color) {
render_view_host_->DidChangeBackgroundColor(this, background_color);
}
void RenderFrameHostImpl::SetCommitCallbackInterceptorForTesting(
CommitCallbackInterceptor* interceptor) {
// This DCHECK's aims to avoid unexpected replacement of an interceptor.
// If this becomes a legitimate use case, feel free to remove.
DCHECK(!commit_callback_interceptor_ || !interceptor);
commit_callback_interceptor_ = interceptor;
}
void RenderFrameHostImpl::DidBlockNavigation(
const GURL& blocked_url,
const GURL& initiator_url,
blink::mojom::NavigationBlockedReason reason) {
delegate_->OnDidBlockNavigation(blocked_url, initiator_url, reason);
}
void RenderFrameHostImpl::DidChangeLoadProgress(double load_progress) {
frame_tree_node_->DidChangeLoadProgress(load_progress);
}
void RenderFrameHostImpl::DidFinishLoad(const GURL& validated_url) {
delegate_->OnDidFinishLoad(this, validated_url);
}
void RenderFrameHostImpl::DispatchLoad() {
TRACE_EVENT1("navigation", "RenderFrameHostImpl::DispatchLoad",
"frame_tree_node", frame_tree_node_->frame_tree_node_id());
// Don't forward the load event to the parent on behalf of inactive
// RenderFrameHost. This can happen in a race where this inactive
// RenderFrameHost finishes loading just after the frame navigates away.
// See https://crbug.com/626802.
if (IsInactiveAndDisallowReactivation())
return;
// We should never be receiving this message from a speculative RFH.
DCHECK(IsCurrent());
// Only frames with an out-of-process parent frame should be sending this
// message.
RenderFrameProxyHost* proxy =
frame_tree_node()->render_manager()->GetProxyToParent();
if (!proxy) {
bad_message::ReceivedBadMessage(GetProcess(),
bad_message::RFH_NO_PROXY_TO_PARENT);
return;
}
proxy->GetAssociatedRemoteFrame()->DispatchLoadEventForFrameOwner();
}
void RenderFrameHostImpl::GoToEntryAtOffset(int32_t offset,
bool has_user_gesture) {
delegate_->OnGoToEntryAtOffset(this, offset, has_user_gesture);
}
void RenderFrameHostImpl::HandleAccessibilityFindInPageResult(
blink::mojom::FindInPageResultAXParamsPtr params) {
// Only update FindInPageResult on active RenderFrameHost. Note that, it is
// safe to ignore this call for BackForwardCache, as we terminate the
// FindInPage session once the page enters BackForwardCache.
if (lifecycle_state_ != LifecycleState::kActive)
return;
ui::AXMode accessibility_mode = delegate_->GetAccessibilityMode();
if (accessibility_mode.has_mode(ui::AXMode::kNativeAPIs)) {
BrowserAccessibilityManager* manager =
GetOrCreateBrowserAccessibilityManager();
if (manager) {
manager->OnFindInPageResult(params->request_id, params->match_index,
params->start_id, params->start_offset,
params->end_id, params->end_offset);
}
}
}
void RenderFrameHostImpl::HandleAccessibilityFindInPageTermination() {
// Only update FindInPageTermination on active RenderFrameHost. Note that, it
// is safe to ignore this call for BackForwardCache, as we terminate the
// FindInPage session once the page enters BackForwardCache.
if (lifecycle_state_ != LifecycleState::kActive)
return;
ui::AXMode accessibility_mode = delegate_->GetAccessibilityMode();
if (accessibility_mode.has_mode(ui::AXMode::kNativeAPIs)) {
BrowserAccessibilityManager* manager =
GetOrCreateBrowserAccessibilityManager();
if (manager)
manager->OnFindInPageTermination();
}
}
void RenderFrameHostImpl::DocumentOnLoadCompleted() {
// This message is only sent for top-level frames.
//
// TODO(avi): when frame tree mirroring works correctly, add a check here
// to enforce it.
delegate_->DocumentOnLoadCompleted(this);
}
void RenderFrameHostImpl::ForwardResourceTimingToParent(
blink::mojom::ResourceTimingInfoPtr timing) {
// Don't forward the resource timing of the parent on behalf of inactive
// RenderFrameHost. This can happen in a race where this RenderFrameHost
// finishes loading just after the frame navigates away. See
// https://crbug.com/626802.
if (IsInactiveAndDisallowReactivation())
return;
// We should never be receiving this message from a speculative RFH.
DCHECK(IsCurrent());
RenderFrameProxyHost* proxy =
frame_tree_node()->render_manager()->GetProxyToParent();
if (!proxy) {
bad_message::ReceivedBadMessage(GetProcess(),
bad_message::RFH_NO_PROXY_TO_PARENT);
return;
}
proxy->GetAssociatedRemoteFrame()->AddResourceTimingFromChild(
std::move(timing));
}
RenderWidgetHostViewBase* RenderFrameHostImpl::GetViewForAccessibility() {
return static_cast<RenderWidgetHostViewBase*>(
frame_tree_node_->IsMainFrame()
? render_view_host_->GetWidget()->GetView()
: GetMainFrame()->render_view_host_->GetWidget()->GetView());
}
void RenderFrameHostImpl::UpdateBrowserControlsState(
BrowserControlsState constraints,
BrowserControlsState current,
bool animate) {
if (frame_)
frame_->UpdateBrowserControlsState(constraints, current, animate);
}
bool RenderFrameHostImpl::Reload() {
NavigationControllerImpl* controller = static_cast<NavigationControllerImpl*>(
frame_tree_node_->navigator().GetController());
return controller->ReloadFrame(frame_tree_node_);
}
void RenderFrameHostImpl::SendAccessibilityEventsToManager(
const AXEventNotificationDetails& details) {
if (browser_accessibility_manager_ &&
!browser_accessibility_manager_->OnAccessibilityEvents(details)) {
// OnAccessibilityEvents returns false in IPC error conditions
AccessibilityFatalError();
}
}
bool RenderFrameHostImpl::IsInactiveAndDisallowReactivation() {
switch (lifecycle_state_) {
case LifecycleState::kRunningUnloadHandlers:
case LifecycleState::kReadyToBeDeleted:
return true;
case LifecycleState::kInBackForwardCache:
EvictFromBackForwardCacheWithReason(
BackForwardCacheMetrics::NotRestoredReason::kIgnoreEventAndEvict);
return true;
case LifecycleState::kSpeculative:
// We do not expect speculative RenderFrameHosts to generate events that
// require an active/inactive check. Don't crash the browser process in
// case it comes from a compromised renderer, but kill the renderer to
// avoid further confusion.
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_INACTIVE_CHECK_FROM_SPECULATIVE_RFH);
return false;
case LifecycleState::kActive:
return false;
}
}
void RenderFrameHostImpl::EvictFromBackForwardCache() {
// TODO(hajimehoshi): This function should take the reason from the renderer
// side.
EvictFromBackForwardCacheWithReason(
BackForwardCacheMetrics::NotRestoredReason::kJavaScriptExecution);
}
void RenderFrameHostImpl::EvictFromBackForwardCacheWithReason(
BackForwardCacheMetrics::NotRestoredReason reason) {
BackForwardCacheCanStoreDocumentResult can_store;
can_store.No(reason);
EvictFromBackForwardCacheWithReasons(can_store);
}
void RenderFrameHostImpl::EvictFromBackForwardCacheWithReasons(
const BackForwardCacheCanStoreDocumentResult& can_store) {
TRACE_EVENT2("navigation", "RenderFrameHostImpl::EvictFromBackForwardCache",
"can_store", can_store.ToString(), "rfh", this);
DCHECK(IsBackForwardCacheEnabled());
if (is_evicted_from_back_forward_cache_)
return;
bool in_back_forward_cache = IsInBackForwardCache();
RenderFrameHostImpl* top_document = this;
while (top_document->parent_) {
top_document = top_document->parent_;
DCHECK_EQ(top_document->IsInBackForwardCache(), in_back_forward_cache);
}
// TODO(hajimehoshi): Record the 'race condition' by JavaScript execution when
// |in_back_forward_cache| is false.
BackForwardCacheMetrics* metrics = top_document->GetBackForwardCacheMetrics();
if (in_back_forward_cache && metrics)
metrics->MarkNotRestoredWithReason(can_store);
if (!in_back_forward_cache) {
TRACE_EVENT0("navigation", "BackForwardCache_EvictAfterDocumentRestored");
BackForwardCacheMetrics::RecordEvictedAfterDocumentRestored(
BackForwardCacheMetrics::EvictedAfterDocumentRestoredReason::
kByJavaScript);
// A document is evicted from the BackForwardCache, but it has already been
// restored. The current document should be reloaded, because it is not
// salvageable.
frame_tree()->controller()->Reload(ReloadType::NORMAL, false);
return;
}
// Check if there is an in-flight navigation restoring the frame that
// is being evicted.
NavigationRequest* in_flight_navigation_request =
top_document->frame_tree_node()->navigation_request();
bool is_navigation_to_evicted_frame_in_flight =
(in_flight_navigation_request &&
in_flight_navigation_request->rfh_restored_from_back_forward_cache() ==
top_document);
if (is_navigation_to_evicted_frame_in_flight) {
// If we are currently navigating to the frame that was just evicted, we
// must restart the navigation. This is important because restarting the
// navigation deletes the NavigationRequest associated with the evicted
// frame (preventing use-after-free).
// This should also happen asynchronously as eviction might happen in the
// middle of another navigation — we should not try to restart the
// navigation in that case.
// NOTE: Here we rely on the PostTask inside this function running before
// the task posted to destroy the evicted frames below.
in_flight_navigation_request->RestartBackForwardCachedNavigation();
}
// Evict the frame and schedule it to be destroyed. Eviction happens
// immediately, but destruction is delayed, so that callers don't have to
// worry about use-after-free of |this|.
top_document->is_evicted_from_back_forward_cache_ = true;
frame_tree()
->controller()
->GetBackForwardCache()
.PostTaskToDestroyEvictedFrames();
}
bool RenderFrameHostImpl::HasSeenRecentXrOverlaySetup() {
static constexpr base::TimeDelta kMaxInterval =
base::TimeDelta::FromSeconds(1);
base::TimeDelta delta = base::TimeTicks::Now() - last_xr_overlay_setup_time_;
DVLOG(2) << __func__ << ": return " << (delta <= kMaxInterval);
return delta <= kMaxInterval;
}
void RenderFrameHostImpl::SetIsXrOverlaySetup() {
DVLOG(2) << __func__;
last_xr_overlay_setup_time_ = base::TimeTicks::Now();
}
// TODO(alexmos): When the allowFullscreen flag is known in the browser
// process, use it to double-check that fullscreen can be entered here.
void RenderFrameHostImpl::EnterFullscreen(
blink::mojom::FullscreenOptionsPtr options,
EnterFullscreenCallback callback) {
// Consume the user activation when entering fullscreen mode in the browser
// side when the renderer is compromised and the fullscreen is not triggered
// by a user generated orientation change, because the fullscreen can be
// triggered by either a user activation or a user generated orientation
// change.
// CanEnterFullscreenWithoutUserActivation is always false by default, so it
// keeps the current logic that we can enter fullscreen mode either by the
// orientation change or successfully consuming the user activation. This
// function is used for layout tests to allow fullscreen when mocking screen
// screen orientation changes.
// TODO(lanwei): Investigate whether we can terminate the renderer when the
// user activation has already been consumed.
if (!delegate_->HasSeenRecentScreenOrientationChange() &&
!HasSeenRecentXrOverlaySetup() &&
!GetContentClient()
->browser()
->CanEnterFullscreenWithoutUserActivation()) {
bool is_consumed = frame_tree_node_->UpdateUserActivationState(
blink::mojom::UserActivationUpdateType::kConsumeTransientActivation,
blink::mojom::UserActivationNotificationType::kNone);
if (!is_consumed) {
DLOG(ERROR) << "Cannot enter fullscreen because there is no transient "
<< "user activation, orientation change, or XR overlay.";
std::move(callback).Run(/*granted=*/false);
return;
}
}
if (!delegate_->CanEnterFullscreenMode()) {
std::move(callback).Run(/*granted=*/false);
return;
}
std::move(callback).Run(/*granted=*/true);
// Entering fullscreen from a cross-process subframe also affects all
// renderers for ancestor frames, which will need to apply fullscreen CSS to
// appropriate ancestor <iframe> elements, fire fullscreenchange events, etc.
// Thus, walk through the ancestor chain of this frame and for each (parent,
// child) pair, send a message about the pending fullscreen change to the
// child's proxy in parent's SiteInstance. The renderer process will use this
// to find the <iframe> element in the parent frame that will need fullscreen
// styles. This is done at most once per SiteInstance: for example, with a
// A-B-A-B hierarchy, if the bottom frame goes fullscreen, this only needs to
// notify its parent, and Blink-side logic will take care of applying
// necessary changes to the other two ancestors.
std::set<SiteInstance*> notified_instances;
notified_instances.insert(GetSiteInstance());
for (RenderFrameHostImpl* rfh = this; rfh->GetParent();
rfh = rfh->GetParent()) {
SiteInstance* parent_site_instance = rfh->GetParent()->GetSiteInstance();
if (base::Contains(notified_instances, parent_site_instance))
continue;
RenderFrameProxyHost* child_proxy =
rfh->frame_tree_node()->render_manager()->GetRenderFrameProxyHost(
parent_site_instance);
child_proxy->GetAssociatedRemoteFrame()->WillEnterFullscreen(
options.Clone());
notified_instances.insert(parent_site_instance);
}
delegate_->EnterFullscreenMode(this, *options);
delegate_->FullscreenStateChanged(this, true /* is_fullscreen */);
// The previous call might change the fullscreen state. We need to make sure
// the renderer is aware of that, which is done via the resize message.
// Typically, this will be sent as part of the call on the |delegate_| above
// when resizing the native windows, but sometimes fullscreen can be entered
// without causing a resize, so we need to ensure that the resize message is
// sent in that case. We always send this to the main frame's widget, and if
// there are any OOPIF widgets, this will also trigger them to resize via
// frameRectsChanged.
render_view_host_->GetWidget()->SynchronizeVisualProperties();
}
// TODO(alexmos): When the allowFullscreen flag is known in the browser
// process, use it to double-check that fullscreen can be entered here.
void RenderFrameHostImpl::ExitFullscreen() {
delegate_->ExitFullscreenMode(/* will_cause_resize */ true);
// The previous call might change the fullscreen state. We need to make sure
// the renderer is aware of that, which is done via the resize message.
// Typically, this will be sent as part of the call on the |delegate_| above
// when resizing the native windows, but sometimes fullscreen can be entered
// without causing a resize, so we need to ensure that the resize message is
// sent in that case. We always send this to the main frame's widget, and if
// there are any OOPIF widgets, this will also trigger them to resize via
// frameRectsChanged.
render_view_host_->GetWidget()->SynchronizeVisualProperties();
}
void RenderFrameHostImpl::SuddenTerminationDisablerChanged(
bool present,
blink::mojom::SuddenTerminationDisablerType disabler_type) {
switch (disabler_type) {
case blink::mojom::SuddenTerminationDisablerType::kBeforeUnloadHandler:
DCHECK_NE(has_before_unload_handler_, present);
has_before_unload_handler_ = present;
break;
case blink::mojom::SuddenTerminationDisablerType::kPageHideHandler:
DCHECK_NE(has_pagehide_handler_, present);
has_pagehide_handler_ = present;
break;
case blink::mojom::SuddenTerminationDisablerType::kUnloadHandler:
DCHECK_NE(has_unload_handler_, present);
has_unload_handler_ = present;
break;
case blink::mojom::SuddenTerminationDisablerType::kVisibilityChangeHandler:
DCHECK_NE(has_visibilitychange_handler_, present);
has_visibilitychange_handler_ = present;
break;
}
}
bool RenderFrameHostImpl::GetSuddenTerminationDisablerState(
blink::mojom::SuddenTerminationDisablerType disabler_type) {
if (do_not_delete_for_testing_ &&
disabler_type !=
blink::mojom::SuddenTerminationDisablerType::kBeforeUnloadHandler) {
return true;
}
switch (disabler_type) {
case blink::mojom::SuddenTerminationDisablerType::kBeforeUnloadHandler:
return has_before_unload_handler_;
case blink::mojom::SuddenTerminationDisablerType::kPageHideHandler:
return has_pagehide_handler_;
case blink::mojom::SuddenTerminationDisablerType::kUnloadHandler:
return has_unload_handler_;
case blink::mojom::SuddenTerminationDisablerType::kVisibilityChangeHandler:
return has_visibilitychange_handler_;
}
}
bool RenderFrameHostImpl::UnloadHandlerExistsInSameSiteInstanceSubtree() {
DCHECK(!GetParent());
auto* main_frame_site_instance = GetSiteInstance();
for (auto* subframe : GetFramesInSubtree()) {
auto* rfhi = static_cast<RenderFrameHostImpl*>(subframe);
if (rfhi->GetSiteInstance() == main_frame_site_instance &&
rfhi->has_unload_handler_) {
return true;
}
}
return false;
}
bool RenderFrameHostImpl::InsidePortal() {
return GetRenderViewHost()->GetDelegate()->IsPortal();
}
void RenderFrameHostImpl::DidFinishDocumentLoad() {
dom_content_loaded_ = true;
delegate_->DOMContentLoaded(this);
}
void RenderFrameHostImpl::FocusedElementChanged(
bool is_editable_element,
const gfx::Rect& bounds_in_frame_widget,
blink::mojom::FocusType focus_type) {
if (!GetView())
return;
has_focused_editable_element_ = is_editable_element;
// First convert the bounds to root view.
delegate_->OnFocusedElementChangedInFrame(
this,
gfx::Rect(GetView()->TransformPointToRootCoordSpace(
bounds_in_frame_widget.origin()),
bounds_in_frame_widget.size()),
focus_type);
}
void RenderFrameHostImpl::TextSelectionChanged(const base::string16& text,
uint32_t offset,
const gfx::Range& range) {
has_selection_ = !text.empty();
GetRenderWidgetHost()->SelectionChanged(text, offset, range);
}
void RenderFrameHostImpl::DidReceiveFirstUserActivation() {
delegate_->DidReceiveFirstUserActivation(this);
}
void RenderFrameHostImpl::UpdateUserActivationState(
blink::mojom::UserActivationUpdateType update_type,
blink::mojom::UserActivationNotificationType notification_type) {
// Don't update UserActivationState for non-active RenderFrameHost. In case
// of BackForwardCache, this is only called for tests and it is safe to ignore
// such requests.
if (lifecycle_state_ != LifecycleState::kActive)
return;
frame_tree_node_->UpdateUserActivationState(update_type, notification_type);
}
void RenderFrameHostImpl::HadStickyUserActivationBeforeNavigationChanged(
bool value) {
frame_tree_node_->OnSetHadStickyUserActivationBeforeNavigation(value);
}
void RenderFrameHostImpl::ScrollRectToVisibleInParentFrame(
const gfx::Rect& rect_to_scroll,
blink::mojom::ScrollIntoViewParamsPtr params) {
RenderFrameProxyHost* proxy =
frame_tree_node_->render_manager()->GetProxyToParent();
if (!proxy)
return;
proxy->ScrollRectToVisible(rect_to_scroll, std::move(params));
}
void RenderFrameHostImpl::BubbleLogicalScrollInParentFrame(
blink::mojom::ScrollDirection direction,
ui::ScrollGranularity granularity) {
// Do not update the parent on behalf of inactive RenderFrameHost.
if (IsInactiveAndDisallowReactivation())
return;
RenderFrameProxyHost* proxy =
frame_tree_node()->render_manager()->GetProxyToParent();
if (!proxy) {
// Only frames with an out-of-process parent frame should be sending this
// message.
bad_message::ReceivedBadMessage(GetProcess(),
bad_message::RFH_NO_PROXY_TO_PARENT);
return;
}
proxy->GetAssociatedRemoteFrame()->BubbleLogicalScroll(direction,
granularity);
}
void RenderFrameHostImpl::RenderFallbackContentInParentProcess() {
bool is_object_type =
frame_tree_node()->current_replication_state().frame_owner_element_type ==
blink::mojom::FrameOwnerElementType::kObject;
if (!is_object_type) {
// Only object elements are expected to render their own fallback content
// and since the owner type is set at the creation time of the
// FrameTreeNode, this received IPC makes no sense here.
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_CANNOT_RENDER_FALLBACK_CONTENT);
return;
}
// The ContentFrame() of the owner element in parent process could be either
// a frame or a proxy. When navigating cross-site from a frame which is same-
// site with its parent, the frame is still local (e.g., about:blank).
// However, navigating from an origin which is cross-site with parent, the
// frame of the owner is a proxy.
auto* rfh = frame_tree_node()->current_frame_host();
if (rfh->GetSiteInstance() == rfh->GetParent()->GetSiteInstance()) {
rfh->GetAssociatedLocalFrame()->RenderFallbackContent();
} else if (auto* proxy =
frame_tree_node()->render_manager()->GetProxyToParent()) {
proxy->GetAssociatedRemoteFrame()->RenderFallbackContent();
}
}
void RenderFrameHostImpl::ShowPopupMenu(
mojo::PendingRemote<blink::mojom::PopupMenuClient> popup_client,
const gfx::Rect& bounds,
int32_t item_height,
double font_size,
int32_t selected_item,
std::vector<blink::mojom::MenuItemPtr> menu_items,
bool right_aligned,
bool allow_multiple_selection) {
#if BUILDFLAG(USE_EXTERNAL_POPUP_MENU)
if (delegate()->ShowPopupMenu(this, &popup_client, bounds, item_height,
font_size, selected_item, &menu_items,
right_aligned, allow_multiple_selection)) {
return;
}
auto* view = render_view_host()->delegate_->GetDelegateView();
if (!view)
return;
gfx::Point original_point(bounds.x(), bounds.y());
gfx::Point transformed_point =
static_cast<RenderWidgetHostViewBase*>(GetView())
->TransformPointToRootCoordSpace(original_point);
gfx::Rect transformed_bounds(transformed_point.x(), transformed_point.y(),
bounds.width(), bounds.height());
view->ShowPopupMenu(this, std::move(popup_client), transformed_bounds,
item_height, font_size, selected_item,
std::move(menu_items), right_aligned,
allow_multiple_selection);
#endif
}
void RenderFrameHostImpl::DidLoadResourceFromMemoryCache(
const GURL& url,
const std::string& http_method,
const std::string& mime_type,
network::mojom::RequestDestination request_destination) {
delegate_->DidLoadResourceFromMemoryCache(this, url, http_method, mime_type,
request_destination);
}
void RenderFrameHostImpl::DidChangeFrameOwnerProperties(
const base::UnguessableToken& child_frame_token,
blink::mojom::FrameOwnerPropertiesPtr properties) {
auto* child =
FindAndVerifyChild(child_frame_token, bad_message::RFH_OWNER_PROPERTY);
if (!child)
return;
bool has_display_none_property_changed =
properties->is_display_none !=
child->frame_tree_node()->frame_owner_properties().is_display_none;
child->frame_tree_node()->set_frame_owner_properties(*properties);
child->frame_tree_node()->render_manager()->OnDidUpdateFrameOwnerProperties(
*properties);
if (has_display_none_property_changed) {
delegate_->DidChangeDisplayState(
child, properties->is_display_none /* is_display_none */);
}
}
void RenderFrameHostImpl::DidChangeOpener(
const base::Optional<base::UnguessableToken>& opener_frame_token) {
frame_tree_node_->render_manager()->DidChangeOpener(
opener_frame_token.value_or(base::UnguessableToken()), GetSiteInstance());
}
void RenderFrameHostImpl::DidChangeCSPAttribute(
const base::UnguessableToken& child_frame_token,
network::mojom::ContentSecurityPolicyPtr parsed_csp_attribute) {
auto* child =
FindAndVerifyChild(child_frame_token, bad_message::RFH_CSP_ATTRIBUTE);
if (!child)
return;
child->frame_tree_node()->set_csp_attribute(std::move(parsed_csp_attribute));
}
void RenderFrameHostImpl::DidChangeFramePolicy(
const base::UnguessableToken& child_frame_token,
const blink::FramePolicy& frame_policy) {
// Ensure that a frame can only update sandbox flags or feature policy for its
// immediate children. If this is not the case, the renderer is considered
// malicious and is killed.
RenderFrameHostImpl* child = FindAndVerifyChild(
// TODO(iclelland): Rename this message
child_frame_token, bad_message::RFH_SANDBOX_FLAGS);
if (!child)
return;
child->frame_tree_node()->SetPendingFramePolicy(frame_policy);
// Notify the RenderFrame if it lives in a different process from its parent.
// The frame's proxies in other processes also need to learn about the updated
// flags and policy, but these notifications are sent later in
// RenderFrameHostManager::CommitPendingFramePolicy(), when the frame
// navigates and the new policies take effect.
if (child->GetSiteInstance() != GetSiteInstance()) {
child->GetAssociatedLocalFrame()->DidUpdateFramePolicy(frame_policy);
}
}
void RenderFrameHostImpl::CapturePaintPreviewOfSubframe(
const gfx::Rect& clip_rect,
const base::UnguessableToken& guid) {
if (IsInactiveAndDisallowReactivation())
return;
// This should only be called on a subframe.
if (is_main_frame()) {
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_SUBFRAME_CAPTURE_ON_MAIN_FRAME);
return;
}
delegate()->CapturePaintPreviewOfCrossProcessSubframe(clip_rect, guid, this);
}
void RenderFrameHostImpl::BindInterfaceProviderReceiver(
mojo::PendingReceiver<service_manager::mojom::InterfaceProvider>
interface_provider_receiver) {
DCHECK(!document_scoped_interface_provider_receiver_.is_bound());
DCHECK(interface_provider_receiver.is_valid());
document_scoped_interface_provider_receiver_.Bind(
std::move(interface_provider_receiver));
document_scoped_interface_provider_receiver_.SetFilter(
std::make_unique<ActiveURLMessageFilter>(this));
}
void RenderFrameHostImpl::BindBrowserInterfaceBrokerReceiver(
mojo::PendingReceiver<blink::mojom::BrowserInterfaceBroker> receiver) {
DCHECK(receiver.is_valid());
broker_receiver_.Bind(std::move(receiver));
broker_receiver_.SetFilter(std::make_unique<ActiveURLMessageFilter>(this));
}
void RenderFrameHostImpl::BindDomOperationControllerHostReceiver(
mojo::PendingAssociatedReceiver<mojom::DomAutomationControllerHost>
receiver) {
DCHECK(receiver.is_valid());
dom_automation_controller_receiver_.Bind(std::move(receiver));
dom_automation_controller_receiver_.SetFilter(
CreateMessageFilterForAssociatedReceiver(
mojom::DomAutomationControllerHost::Name_));
}
void RenderFrameHostImpl::SetKeepAliveTimeoutForTesting(
base::TimeDelta timeout) {
keep_alive_timeout_ = timeout;
if (keep_alive_handle_factory_)
keep_alive_handle_factory_->SetTimeout(keep_alive_timeout_);
}
void RenderFrameHostImpl::ShowCreatedWindow(int pending_widget_routing_id,
WindowOpenDisposition disposition,
const gfx::Rect& initial_rect,
bool user_gesture) {
delegate_->ShowCreatedWindow(this, pending_widget_routing_id, disposition,
initial_rect, user_gesture);
}
void RenderFrameHostImpl::UpdateState(const PageState& state) {
// TODO(creis): Verify the state's ISN matches the last committed FNE.
// Without this check, the renderer can trick the browser into using
// filenames it can't access in a future session restore.
if (!CanAccessFilesOfPageState(state)) {
bad_message::ReceivedBadMessage(
GetProcess(), bad_message::RFH_CAN_ACCESS_FILES_OF_PAGE_STATE);
return;
}
delegate_->UpdateStateForFrame(this, state);
}
void RenderFrameHostImpl::OpenURL(mojom::OpenURLParamsPtr params) {
// Verify and unpack the Mojo payload.
GURL validated_url;
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory;
if (!VerifyOpenURLParams(GetSiteInstance(), params, &validated_url,
&blob_url_loader_factory)) {
return;
}
TRACE_EVENT1("navigation", "RenderFrameHostImpl::OpenURL", "url",
validated_url.possibly_invalid_spec());
frame_tree_node_->navigator().RequestOpenURL(
this, validated_url,
GlobalFrameRoutingId(GetProcess()->GetID(), params->initiator_routing_id),
params->initiator_origin, params->post_body, params->extra_headers,
params->referrer.To<content::Referrer>(), params->disposition,
params->should_replace_current_entry, params->user_gesture,
params->triggering_event_info, params->href_translate,
std::move(blob_url_loader_factory), params->impression);
}
void RenderFrameHostImpl::DidStopLoading() {
TRACE_EVENT1("navigation", "RenderFrameHostImpl::DidStopLoading",
"frame_tree_node", frame_tree_node_->frame_tree_node_id());
// This method should never be called when the frame is not loading.
// Unfortunately, it can happen if a history navigation happens during a
// BeforeUnload or Unload event.
// TODO(fdegans): Change this to a DCHECK after LoadEventProgress has been
// refactored in Blink. See crbug.com/466089
if (!is_loading_)
return;
was_discarded_ = false;
is_loading_ = false;
// If we have a PeakGpuMemoryTrack, close it as loading as stopped. It will
// asynchronously receive the statistics from the GPU process, and update
// UMA stats.
if (loading_mem_tracker_)
loading_mem_tracker_.reset();
// Only inform the FrameTreeNode of a change in load state if the load state
// of this RenderFrameHost is being tracked.
if (!IsPendingDeletion())
frame_tree_node_->DidStopLoading();
}
void RenderFrameHostImpl::GetSavableResourceLinksCallback(
blink::mojom::GetSavableResourceLinksReplyPtr reply) {
if (!reply) {
delegate_->SavableResourceLinksError(this);
return;
}
delegate_->SavableResourceLinksResponse(this, reply->resources_list,
std::move(reply->referrer),
reply->subframes);
}
void RenderFrameHostImpl::DomOperationResponse(const std::string& json_string) {
delegate_->DomOperationResponse(json_string);
}
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
RenderFrameHostImpl::CreateCrossOriginPrefetchLoaderFactoryBundle() {
network::mojom::URLLoaderFactoryParamsPtr factory_params =
URLLoaderFactoryParamsHelper::CreateForPrefetch(
this, mojo::Clone(last_committed_client_security_state_));
mojo::PendingRemote<network::mojom::URLLoaderFactory> pending_default_factory;
bool bypass_redirect_checks = false;
// Passing an empty IsolationInfo ensures the factory is not initialized with
// a IsolationInfo. This is necessary for a cross-origin prefetch factory
// because the factory must use the value provided by requests going through
// it.
bypass_redirect_checks = CreateNetworkServiceDefaultFactoryAndObserve(
std::move(factory_params),
pending_default_factory.InitWithNewPipeAndPassReceiver());
return std::make_unique<blink::PendingURLLoaderFactoryBundle>(
std::move(pending_default_factory),
blink::PendingURLLoaderFactoryBundle::SchemeMap(),
CreateURLLoaderFactoriesForIsolatedWorlds(
GetExpectedMainWorldOriginForUrlLoaderFactory(),
isolated_worlds_requiring_separate_url_loader_factory_,
mojo::Clone(last_committed_client_security_state_),
DetermineAfterCommitWhetherToForbidTrustTokenRedemption(this)),
bypass_redirect_checks);
}
base::WeakPtr<RenderFrameHostImpl> RenderFrameHostImpl::GetWeakPtr() {
return weak_ptr_factory_.GetWeakPtr();
}
void RenderFrameHostImpl::CreateNewWindow(
mojom::CreateNewWindowParamsPtr params,
CreateNewWindowCallback callback) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
TRACE_EVENT2("navigation", "RenderFrameHostImpl::CreateNewWindow",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url",
params->target_url.possibly_invalid_spec());
bool no_javascript_access = false;
// Filter out URLs to which navigation is disallowed from this context.
//
// Note that currently, "javascript:" URLs and empty strings (both of which
// are legal arguments to window.open) make it here; FilterURL rewrites them
// to "about:blank" -- they shouldn't be cancelled.
GetProcess()->FilterURL(false, &params->target_url);
bool effective_transient_activation_state =
params->allow_popup || frame_tree_node_->HasTransientUserActivation();
// Ignore window creation when sent from a frame that's not current or
// created.
bool can_create_window =
IsCurrent() && render_frame_created_ &&
GetContentClient()->browser()->CanCreateWindow(
this, GetLastCommittedURL(), GetMainFrame()->GetLastCommittedURL(),
last_committed_origin_, params->window_container_type,
params->target_url, params->referrer.To<Referrer>(),
params->frame_name, params->disposition, *params->features,
effective_transient_activation_state, params->opener_suppressed,
&no_javascript_access);
bool was_consumed = false;
if (can_create_window) {
// Consume activation even w/o User Activation v2, to sync other renderers
// with calling renderer.
was_consumed = frame_tree_node_->UpdateUserActivationState(
blink::mojom::UserActivationUpdateType::kConsumeTransientActivation,
blink::mojom::UserActivationNotificationType::kNone);
} else {
std::move(callback).Run(mojom::CreateNewWindowStatus::kIgnore, nullptr);
return;
}
// For Android WebView, we support a pop-up like behavior for window.open()
// even if the embedding app doesn't support multiple windows. In this case,
// window.open() will return "window" and navigate it to whatever URL was
// passed.
if (!GetOrCreateWebPreferences().supports_multiple_windows) {
// See crbug.com/1083819, we should ignore if the URL is javascript: scheme,
// previously we already filtered out javascript: scheme and replace the
// URL with |kBlockedURL|, so we check against |kBlockedURL| here.
if (params->target_url == GURL(kBlockedURL)) {
std::move(callback).Run(mojom::CreateNewWindowStatus::kIgnore, nullptr);
} else {
std::move(callback).Run(mojom::CreateNewWindowStatus::kReuse, nullptr);
}
return;
}
// This will clone the sessionStorage for namespace_id_to_clone.
StoragePartition* storage_partition = BrowserContext::GetStoragePartition(
GetSiteInstance()->GetBrowserContext(), GetSiteInstance());
DOMStorageContextWrapper* dom_storage_context =
static_cast<DOMStorageContextWrapper*>(
storage_partition->GetDOMStorageContext());
scoped_refptr<SessionStorageNamespaceImpl> cloned_namespace;
if (!params->clone_from_session_storage_namespace_id.empty()) {
cloned_namespace = SessionStorageNamespaceImpl::CloneFrom(
dom_storage_context, params->session_storage_namespace_id,
params->clone_from_session_storage_namespace_id);
} else {
cloned_namespace = SessionStorageNamespaceImpl::Create(
dom_storage_context, params->session_storage_namespace_id);
}
network::CrossOriginOpenerPolicy popup_coop;
network::CrossOriginEmbedderPolicy popup_coep;
// On popup creation, if the opener and the openers's top-level document
// are same origin, then the popup's initial empty document inherits its
// COOP policy from the opener's top-level document. See
// https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e#model
RenderFrameHostImpl* top_level_opener = GetMainFrame();
// Verify that they are same origin.
if (top_level_opener->GetLastCommittedOrigin().IsSameOriginWith(
GetLastCommittedOrigin())) {
popup_coop = top_level_opener->cross_origin_opener_policy();
} else {
// The documents are cross origin, leave COOP of the popup to the default
// unsafe-none.
// Then set the popup to noopener if the top level COOP is same origin.
if (top_level_opener->cross_origin_opener_policy().value ==
network::mojom::CrossOriginOpenerPolicyValue::kSameOrigin) {
DCHECK(base::FeatureList::IsEnabled(
network::features::kCrossOriginOpenerPolicy));
params->opener_suppressed = true;
// The frame name should not be forwarded to a noopener popup.
// TODO(https://crbug.com/1060691) This should be applied to all
// popups opened with noopener.
params->frame_name.clear();
}
}
// The initial empty document in the popup inherits the COEP of its opener (if
// any).
if (!params->opener_suppressed)
popup_coep = cross_origin_embedder_policy();
int popup_virtual_browsing_context_group =
params->opener_suppressed
? CrossOriginOpenerPolicyReporter::NextVirtualBrowsingContextGroup()
: top_level_opener->virtual_browsing_context_group();
// If the opener is suppressed or script access is disallowed, we should
// open the window in a new BrowsingInstance, and thus a new process. That
// means the current renderer process will not be able to route messages to
// it. Because of this, we will immediately show and navigate the window
// in OnCreateNewWindowOnUI, using the params provided here.
bool is_new_browsing_instance =
params->opener_suppressed || no_javascript_access;
DCHECK(IsRenderFrameLive());
// The non-owning pointer |new_window| is valid in this stack frame since
// nothing can delete it until this thread is freed up again.
RenderFrameHostDelegate* new_window =
delegate_->CreateNewWindow(this, *params, is_new_browsing_instance,
was_consumed, cloned_namespace.get());
if (is_new_browsing_instance || !new_window) {
// Opener suppressed, Javascript access disabled, or delegate did not
// provide a handle to any windows it created. In these cases, never tell
// the renderer about the new window.
std::move(callback).Run(mojom::CreateNewWindowStatus::kIgnore, nullptr);
return;
}
RenderFrameHostImpl* main_frame = new_window->GetMainFrame();
// When the popup is created, it hasn't committed any navigation yet - its
// initial empty document should inherit the origin of its opener (the origin
// may change after the first commit). See also https://crbug.com/932067.
//
// Note that that origin of the new frame might depend on sandbox flags.
// Checking sandbox flags of the new frame should be safe at this point,
// because the flags should be already inherited by the CreateNewWindow call
// above.
main_frame->SetOriginDependentStateOfNewFrame(GetLastCommittedOrigin());
main_frame->cross_origin_opener_policy_ = popup_coop;
main_frame->cross_origin_embedder_policy_ = popup_coep;
main_frame->virtual_browsing_context_group_ =
popup_virtual_browsing_context_group;
// If inheriting coop (checking this via |opener_suppressed|) and the original
// coop page has a reporter we make sure the the newly created popup also has
// a reporter.
if (!params->opener_suppressed && GetMainFrame()->coop_reporter()) {
main_frame->set_coop_reporter(
std::make_unique<CrossOriginOpenerPolicyReporter>(
GetProcess()->GetStoragePartition(), GetLastCommittedURL(),
popup_coop));
}
if (main_frame->waiting_for_init_) {
// Need to check |waiting_for_init_| as some paths inside CreateNewWindow
// call above (eg if WebContentsDelegate::IsWebContentsCreationOverridden()
// returns true) will resume requests by calling RenderFrameHostImpl::Init.
main_frame->frame_->BlockRequests();
}
mojo::PendingRemote<service_manager::mojom::InterfaceProvider>
main_frame_interface_provider_info;
main_frame->BindInterfaceProviderReceiver(
main_frame_interface_provider_info.InitWithNewPipeAndPassReceiver());
mojo::PendingRemote<blink::mojom::BrowserInterfaceBroker>
browser_interface_broker;
main_frame->BindBrowserInterfaceBrokerReceiver(
browser_interface_broker.InitWithNewPipeAndPassReceiver());
mojo::PendingAssociatedRemote<blink::mojom::FrameWidget> blink_frame_widget;
mojo::PendingAssociatedReceiver<blink::mojom::FrameWidget>
blink_frame_widget_receiver =
blink_frame_widget.InitWithNewEndpointAndPassReceiver();
mojo::PendingAssociatedRemote<blink::mojom::FrameWidgetHost>
blink_frame_widget_host;
mojo::PendingAssociatedReceiver<blink::mojom::FrameWidgetHost>
blink_frame_widget_host_receiver =
blink_frame_widget_host.InitWithNewEndpointAndPassReceiver();
mojo::PendingAssociatedRemote<blink::mojom::Widget> blink_widget;
mojo::PendingAssociatedReceiver<blink::mojom::Widget> blink_widget_receiver =
blink_widget.InitWithNewEndpointAndPassReceiver();
mojo::PendingAssociatedRemote<blink::mojom::WidgetHost> blink_widget_host;
mojo::PendingAssociatedReceiver<blink::mojom::WidgetHost>
blink_widget_host_receiver =
blink_widget_host.InitWithNewEndpointAndPassReceiver();
// With this path, RenderViewHostImpl::CreateRenderView is never called
// because RenderView is already created on the renderer side. Thus we need to
// establish the connection here.
mojo::PendingAssociatedRemote<blink::mojom::PageBroadcast> page_broadcast;
mojo::PendingAssociatedReceiver<blink::mojom::PageBroadcast>
page_broadcast_receiver =
page_broadcast.InitWithNewEndpointAndPassReceiver();
// TODO(danakj): The main frame's RenderWidgetHost has no RenderWidgetHostView
// yet here. It seems like it should though? In the meantime we send some
// nonsense with a semi-valid but incorrect ScreenInfo (it needs a
// RenderWidgetHostView to be correct). An updates VisualProperties will get
// to the RenderWidget eventually.
blink::VisualProperties visual_properties;
main_frame->GetLocalRenderWidgetHost()->GetScreenInfo(
&visual_properties.screen_info);
main_frame->GetLocalRenderWidgetHost()->BindFrameWidgetInterfaces(
std::move(blink_frame_widget_host_receiver),
std::move(blink_frame_widget));
main_frame->GetLocalRenderWidgetHost()->BindWidgetInterfaces(
std::move(blink_widget_host_receiver), std::move(blink_widget));
main_frame->render_view_host()->BindPageBroadcast(std::move(page_broadcast));
bool wait_for_debugger =
devtools_instrumentation::ShouldWaitForDebuggerInWindowOpen();
mojom::CreateNewWindowReplyPtr reply = mojom::CreateNewWindowReply::New(
main_frame->GetRenderViewHost()->GetRoutingID(),
main_frame->GetRoutingID(), main_frame->GetFrameToken(),
main_frame->GetLocalRenderWidgetHost()->GetRoutingID(), visual_properties,
std::move(blink_frame_widget_host),
std::move(blink_frame_widget_receiver), std::move(blink_widget_host),
std::move(blink_widget_receiver), std::move(page_broadcast_receiver),
mojom::DocumentScopedInterfaceBundle::New(
std::move(main_frame_interface_provider_info),
std::move(browser_interface_broker)),
cloned_namespace->id(), main_frame->GetDevToolsFrameToken(),
wait_for_debugger);
std::move(callback).Run(mojom::CreateNewWindowStatus::kSuccess,
std::move(reply));
}
void RenderFrameHostImpl::CreatePortal(
mojo::PendingAssociatedReceiver<blink::mojom::Portal> pending_receiver,
mojo::PendingAssociatedRemote<blink::mojom::PortalClient> client,
CreatePortalCallback callback) {
if (!Portal::IsEnabled()) {
mojo::ReportBadMessage(
"blink.mojom.Portal can only be used if the Portals feature is "
"enabled.");
frame_host_associated_receiver_.reset();
return;
}
// We don't support attaching a portal inside a nested browsing context.
if (!is_main_frame()) {
mojo::ReportBadMessage(
"RFHI::CreatePortal called in a nested browsing context");
frame_host_associated_receiver_.reset();
return;
}
// TODO(crbug.com/1051639): We need to find a long term solution to when/how
// portals should work in sandboxed documents.
if (active_sandbox_flags_ != network::mojom::WebSandboxFlags::kNone) {
mojo::ReportBadMessage(
"RFHI::CreatePortal called in a sandboxed browsing context");
frame_host_associated_receiver_.reset();
return;
}
// Note that we don't check |GetLastCommittedOrigin|, since that is inherited
// by the initial empty document of a new frame.
// TODO(1008989): Once issue 1008989 is fixed we could move this check into
// |Portal::Create|.
if (!GetLastCommittedURL().SchemeIsHTTPOrHTTPS()) {
mojo::ReportBadMessage("Portal creation is restricted to the HTTP family.");
frame_host_associated_receiver_.reset();
return;
}
auto portal = std::make_unique<Portal>(this);
portal->Bind(std::move(pending_receiver), std::move(client));
auto it = portals_.insert(std::move(portal)).first;
RenderFrameProxyHost* proxy_host = (*it)->CreateProxyAndAttachPortal();
// Since the portal is newly created and has yet to commit a navigation, this
// state is trivial.
const FrameReplicationState& initial_replicated_state =
proxy_host->frame_tree_node()->current_replication_state();
DCHECK(initial_replicated_state.origin.opaque());
std::move(callback).Run(proxy_host->GetRoutingID(), initial_replicated_state,
(*it)->portal_token(), proxy_host->GetFrameToken(),
(*it)->GetDevToolsFrameToken());
}
void RenderFrameHostImpl::AdoptPortal(const blink::PortalToken& portal_token,
AdoptPortalCallback callback) {
Portal* portal = FindPortalByToken(portal_token);
if (!portal) {
mojo::ReportBadMessage("Unknown portal_token when adopting portal.");
frame_host_associated_receiver_.reset();
return;
}
DCHECK_EQ(portal->owner_render_frame_host(), this);
RenderFrameProxyHost* proxy_host = portal->CreateProxyAndAttachPortal();
std::move(callback).Run(
proxy_host->GetRoutingID(),
static_cast<RenderWidgetHostViewBase*>(proxy_host->frame_tree_node()
->render_manager()
->GetRenderWidgetHostView())
->GetFrameSinkId(),
proxy_host->frame_tree_node()->current_replication_state(),
proxy_host->GetFrameToken(), portal->GetDevToolsFrameToken());
}
void RenderFrameHostImpl::CreateNewWidget(
mojo::PendingAssociatedReceiver<blink::mojom::WidgetHost> blink_widget_host,
mojo::PendingAssociatedRemote<blink::mojom::Widget> blink_widget,
CreateNewWidgetCallback callback) {
int32_t widget_route_id = GetProcess()->GetNextRoutingID();
std::move(callback).Run(widget_route_id);
delegate_->CreateNewWidget(agent_scheduling_group_, widget_route_id,
std::move(blink_widget_host),
std::move(blink_widget));
}
void RenderFrameHostImpl::CreateNewFullscreenWidget(
mojo::PendingAssociatedReceiver<blink::mojom::WidgetHost> blink_widget_host,
mojo::PendingAssociatedRemote<blink::mojom::Widget> blink_widget,
CreateNewFullscreenWidgetCallback callback) {
int32_t widget_route_id = GetProcess()->GetNextRoutingID();
std::move(callback).Run(widget_route_id);
delegate_->CreateNewFullscreenWidget(agent_scheduling_group_, widget_route_id,
std::move(blink_widget_host),
std::move(blink_widget));
}
void RenderFrameHostImpl::IssueKeepAliveHandle(
mojo::PendingReceiver<mojom::KeepAliveHandle> receiver) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
if (GetProcess()->IsKeepAliveRefCountDisabled())
return;
if (base::FeatureList::IsEnabled(network::features::kDisableKeepaliveFetch)) {
return;
}
if (!keep_alive_handle_factory_) {
keep_alive_handle_factory_ =
std::make_unique<KeepAliveHandleFactory>(GetProcess());
keep_alive_handle_factory_->SetTimeout(keep_alive_timeout_);
}
keep_alive_handle_factory_->Create(std::move(receiver));
}
// TODO(ahemery): Move checks to mojo bad message reporting.
void RenderFrameHostImpl::BeginNavigation(
mojom::CommonNavigationParamsPtr common_params,
mojom::BeginNavigationParamsPtr begin_params,
mojo::PendingRemote<blink::mojom::BlobURLToken> blob_url_token,
mojo::PendingAssociatedRemote<mojom::NavigationClient> navigation_client,
mojo::PendingRemote<blink::mojom::NavigationInitiator>
navigation_initiator) {
if (frame_tree_node_->render_manager()->is_attaching_inner_delegate()) {
// Avoid starting any new navigations since this frame is in the process of
// attaching an inner delegate.
return;
}
if (IsInactiveAndDisallowReactivation())
return;
TRACE_EVENT2("navigation", "RenderFrameHostImpl::BeginNavigation",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url",
common_params->url.possibly_invalid_spec());
DCHECK(navigation_client.is_valid());
mojom::CommonNavigationParamsPtr validated_params = common_params.Clone();
if (!VerifyBeginNavigationCommonParams(GetSiteInstance(), &*validated_params))
return;
// If the request is bearing Trust Tokens parameters:
// - it must not be a main-frame navigation, and
// - for certain Trust Tokens operations, the frame's parent needs the
// trust-token-redemption Feature Policy feature.
if (begin_params->trust_token_params && !GetParent()) {
mojo::ReportBadMessage("RFHI: Trust Token params in main frame nav");
return;
}
if (begin_params->trust_token_params &&
ParentNeedsTrustTokenFeaturePolicy(*begin_params)) {
RenderFrameHostImpl* parent = GetParent();
if (!parent->IsFeatureEnabled(
blink::mojom::FeaturePolicyFeature::kTrustTokenRedemption)) {
mojo::ReportBadMessage(
"RFHI: Mandatory Trust Tokens Feature Policy feature is absent");
return;
}
}
GetProcess()->FilterURL(true, &begin_params->searchable_form_url);
// If the request was for a blob URL, but the validated URL is no longer a
// blob URL, reset the blob_url_token to prevent hitting the ReportBadMessage
// below, and to make sure we don't incorrectly try to use the blob_url_token.
if (common_params->url.SchemeIsBlob() &&
!validated_params->url.SchemeIsBlob()) {
blob_url_token = mojo::NullRemote();
}
if (blob_url_token && !validated_params->url.SchemeIsBlob()) {
mojo::ReportBadMessage("Blob URL Token, but not a blob: URL");
return;
}
scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory;
if (blob_url_token) {
blob_url_loader_factory =
ChromeBlobStorageContext::URLLoaderFactoryForToken(
GetStoragePartition(), std::move(blob_url_token));
}
// If the request was for a blob URL, but no blob_url_token was passed in this
// is not necessarily an error. Renderer initiated reloads for example are one
// situation where a renderer currently doesn't have an easy way of resolving
// the blob URL. For those situations resolve the blob URL here, as we don't
// care about ordering with other blob URL manipulation anyway.
if (validated_params->url.SchemeIsBlob() && !blob_url_loader_factory) {
blob_url_loader_factory = ChromeBlobStorageContext::URLLoaderFactoryForUrl(
GetStoragePartition(), validated_params->url);
}
if (waiting_for_init_) {
pending_navigate_ = std::make_unique<PendingNavigation>(
std::move(validated_params), std::move(begin_params),
std::move(blob_url_loader_factory), std::move(navigation_client),
std::move(navigation_initiator));
return;
}
frame_tree_node()->navigator().OnBeginNavigation(
frame_tree_node(), std::move(validated_params), std::move(begin_params),
std::move(blob_url_loader_factory), std::move(navigation_client),
std::move(navigation_initiator), EnsurePrefetchedSignedExchangeCache(),
MaybeCreateWebBundleHandleTracker());
}
void RenderFrameHostImpl::SubresourceResponseStarted(
const GURL& url,
net::CertStatus cert_status) {
delegate_->SubresourceResponseStarted(url, cert_status);
}
void RenderFrameHostImpl::ResourceLoadComplete(
blink::mojom::ResourceLoadInfoPtr resource_load_info) {
GlobalRequestID global_request_id;
const bool is_frame_request =
blink::IsRequestDestinationFrame(resource_load_info->request_destination);
if (main_frame_request_ids_.first == resource_load_info->request_id) {
global_request_id = main_frame_request_ids_.second;
} else if (is_frame_request) {
// The load complete message for the main resource arrived before
// |DidCommitProvisionalLoad()|. We save the load info so
// |ResourceLoadComplete()| can be called later in
// |DidCommitProvisionalLoad()| when we can map to the global request ID.
deferred_main_frame_load_info_ = std::move(resource_load_info);
return;
}
delegate_->ResourceLoadComplete(this, global_request_id,
std::move(resource_load_info));
}
void RenderFrameHostImpl::HandleAXEvents(
const std::vector<ui::AXTreeUpdate>& updates,
const std::vector<ui::AXEvent>& events,
int32_t reset_token,
HandleAXEventsCallback callback) {
// Don't process this IPC if either we're waiting on a reset and this IPC
// doesn't have the matching token ID, or if we're not waiting on a reset but
// this message includes a reset token.
if (accessibility_reset_token_ != reset_token) {
std::move(callback).Run();
return;
}
accessibility_reset_token_ = 0;
RenderWidgetHostViewBase* view = GetViewForAccessibility();
ui::AXMode accessibility_mode = delegate_->GetAccessibilityMode();
if (accessibility_mode.is_mode_off() || !view ||
IsInactiveAndDisallowReactivation()) {
std::move(callback).Run();
return;
}
if (accessibility_mode.has_mode(ui::AXMode::kNativeAPIs))
GetOrCreateBrowserAccessibilityManager();
AXEventNotificationDetails details;
details.ax_tree_id = GetAXTreeID();
details.events = events;
details.updates.resize(updates.size());
for (size_t i = 0; i < updates.size(); ++i) {
details.updates[i] = updates[i];
if (updates[i].has_tree_data) {
ax_tree_data_ = updates[i].tree_data;
details.updates[i].tree_data = GetAXTreeData();
}
}
if (accessibility_mode.has_mode(ui::AXMode::kNativeAPIs))
SendAccessibilityEventsToManager(details);
delegate_->AccessibilityEventReceived(details);
// For testing only.
if (!accessibility_testing_callback_.is_null()) {
if (details.events.empty()) {
// Objects were marked dirty but no events were provided.
// The callback must still run, otherwise dump event tests can hang.
accessibility_testing_callback_.Run(this, ax::mojom::Event::kNone, 0);
} else {
// Call testing callback functions for each event to fire.
for (auto& event : details.events) {
if (static_cast<int>(event.event_type) < 0)
continue;
accessibility_testing_callback_.Run(this, event.event_type, event.id);
}
}
}
// Always send an ACK or the renderer can be in a bad state.
std::move(callback).Run();
}
void RenderFrameHostImpl::HandleAXLocationChanges(
std::vector<mojom::LocationChangesPtr> changes) {
if (accessibility_reset_token_ || IsInactiveAndDisallowReactivation())
return;
RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
render_view_host_->GetWidget()->GetView());
if (view) {
ui::AXMode accessibility_mode = delegate_->GetAccessibilityMode();
if (accessibility_mode.has_mode(ui::AXMode::kNativeAPIs)) {
BrowserAccessibilityManager* manager =
GetOrCreateBrowserAccessibilityManager();
if (manager)
manager->OnLocationChanges(changes);
}
// Send the updates to the automation extension API.
std::vector<AXLocationChangeNotificationDetails> details;
details.reserve(changes.size());
for (auto& change : changes) {
AXLocationChangeNotificationDetails detail;
detail.id = change->id;
detail.ax_tree_id = GetAXTreeID();
detail.new_location = change->new_location;
details.push_back(detail);
}
delegate_->AccessibilityLocationChangesReceived(details);
}
}
media::MediaMetricsProvider::RecordAggregateWatchTimeCallback
RenderFrameHostImpl::GetRecordAggregateWatchTimeCallback() {
return delegate_->GetRecordAggregateWatchTimeCallback();
}
void RenderFrameHostImpl::ResetWaitingState() {
// We don't allow resetting waiting state when the RenderFrameHost is either
// in BackForwardCache or in pending deletion state, as we don't allow
// navigations from either of these two states.
DCHECK(!IsInBackForwardCache());
DCHECK(!IsPendingDeletion());
// Whenever we reset the RFH state, we should not be waiting for beforeunload
// or close acks. We clear them here to be safe, since they can cause
// navigations to be ignored in DidCommitProvisionalLoad.
if (is_waiting_for_beforeunload_completion_) {
is_waiting_for_beforeunload_completion_ = false;
if (beforeunload_timeout_)
beforeunload_timeout_->Stop();
has_shown_beforeunload_dialog_ = false;
beforeunload_pending_replies_.clear();
}
send_before_unload_start_time_ = base::TimeTicks();
render_view_host_->is_waiting_for_page_close_completion_ = false;
}
CanCommitStatus RenderFrameHostImpl::CanCommitOriginAndUrl(
const url::Origin& origin,
const GURL& url) {
// If the --disable-web-security flag is specified, all bets are off and the
// renderer process can send any origin it wishes.
if (base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kDisableWebSecurity)) {
return CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL;
}
// Renderer-debug URLs can never be committed.
if (IsRendererDebugURL(url)) {
LogCanCommitOriginAndUrlFailureReason("is_renderer_debug_url");
return CanCommitStatus::CANNOT_COMMIT_URL;
}
// Verify that if this RenderFrameHost is for a WebUI it is not committing a
// URL which is not allowed in a WebUI process.
if (!Navigator::CheckWebUIRendererDoesNotDisplayNormalURL(
this, url,
/* is_renderer_initiated_check */ true)) {
return CanCommitStatus::CANNOT_COMMIT_URL;
}
// MHTML subframes can supply URLs at commit time that do not match the
// process lock. For example, it can be either "cid:..." or arbitrary URL at
// which the frame was at the time of generating the MHTML
// (e.g. "http://localhost"). In such cases, don't verify the URL, but require
// the URL to commit in the process of the main frame.
if (!frame_tree_node()->IsMainFrame()) {
RenderFrameHostImpl* main_frame = GetMainFrame();
if (main_frame->is_mhtml_document()) {
if (IsSameSiteInstance(main_frame))
return CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL;
// If an MHTML subframe commits in a different process (even one that
// appears correct for the subframe's URL), then we aren't correctly
// loading it from the archive and should kill the renderer.
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString(
"oopif_in_mhtml_page", base::debug::CrashKeySize::Size32),
is_mhtml_document() ? "is_mhtml_doc" : "not_mhtml_doc");
LogCanCommitOriginAndUrlFailureReason("oopif_in_mhtml_page");
return CanCommitStatus::CANNOT_COMMIT_URL;
}
}
// Give the client a chance to disallow URLs from committing.
if (!GetContentClient()->browser()->CanCommitURL(GetProcess(), url)) {
LogCanCommitOriginAndUrlFailureReason(
"content_client_disallowed_commit_url");
return CanCommitStatus::CANNOT_COMMIT_URL;
}
auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
const CanCommitStatus can_commit_status = policy->CanCommitOriginAndUrl(
GetProcess()->GetID(), GetSiteInstance()->GetIsolationContext(), origin,
url);
if (can_commit_status != CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL) {
LogCanCommitOriginAndUrlFailureReason("cpspi_disallowed_commit");
return can_commit_status;
}
const auto origin_tuple_or_precursor_tuple =
origin.GetTupleOrPrecursorTupleIfOpaque();
if (origin_tuple_or_precursor_tuple.IsValid()) {
// Verify that the origin/precursor is allowed to commit in this process.
// Note: This also handles non-standard cases for |url|, such as
// about:blank, data, and blob URLs.
// Renderer-debug URLs can never be committed.
if (IsRendererDebugURL(origin_tuple_or_precursor_tuple.GetURL())) {
LogCanCommitOriginAndUrlFailureReason(
"origin_or_precursor_is_renderer_debug_url");
return CanCommitStatus::CANNOT_COMMIT_ORIGIN;
}
// Give the client a chance to disallow origin URLs from committing.
// TODO(acolwell): Fix this code to work with opaque origins. Currently
// some opaque origin precursors, like chrome-extension schemes, can trigger
// the commit to fail. These need to be investigated.
if (!origin.opaque() && !GetContentClient()->browser()->CanCommitURL(
GetProcess(), origin.GetURL())) {
LogCanCommitOriginAndUrlFailureReason(
"content_client_disallowed_commit_origin");
return CanCommitStatus::CANNOT_COMMIT_ORIGIN;
}
}
return CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL;
}
void RenderFrameHostImpl::Stop() {
TRACE_EVENT1("navigation", "RenderFrameHostImpl::Stop", "frame_tree_node",
frame_tree_node_->frame_tree_node_id());
GetAssociatedLocalFrame()->StopLoading();
}
void RenderFrameHostImpl::DispatchBeforeUnload(BeforeUnloadType type,
bool is_reload) {
bool for_navigation =
type == BeforeUnloadType::BROWSER_INITIATED_NAVIGATION ||
type == BeforeUnloadType::RENDERER_INITIATED_NAVIGATION;
bool for_inner_delegate_attach =
type == BeforeUnloadType::INNER_DELEGATE_ATTACH;
DCHECK(for_navigation || for_inner_delegate_attach || !is_reload);
// TAB_CLOSE and DISCARD should only dispatch beforeunload on main frames.
DCHECK(type == BeforeUnloadType::BROWSER_INITIATED_NAVIGATION ||
type == BeforeUnloadType::RENDERER_INITIATED_NAVIGATION ||
type == BeforeUnloadType::INNER_DELEGATE_ATTACH ||
frame_tree_node_->IsMainFrame());
if (!for_navigation) {
// Cancel any pending navigations, to avoid their navigation commit/fail
// event from wiping out the is_waiting_for_beforeunload_completion_ state.
if (frame_tree_node_->navigation_request() &&
frame_tree_node_->navigation_request()->IsNavigationStarted()) {
frame_tree_node_->navigation_request()->set_net_error(net::ERR_ABORTED);
}
frame_tree_node_->ResetNavigationRequest(false);
}
// In renderer-initiated navigations, don't check for beforeunload in the
// navigating frame, as it has already run beforeunload before it sent the
// BeginNavigation IPC.
bool check_subframes_only =
type == BeforeUnloadType::RENDERER_INITIATED_NAVIGATION;
if (!ShouldDispatchBeforeUnload(check_subframes_only)) {
// When running beforeunload for navigations, ShouldDispatchBeforeUnload()
// is checked earlier and we would only get here if it had already returned
// true.
DCHECK(!for_navigation);
// Dispatch the ACK to prevent re-entrancy.
base::OnceClosure task = base::BindOnce(
[](base::WeakPtr<RenderFrameHostImpl> self) {
if (!self)
return;
self->frame_tree_node_->render_manager()->BeforeUnloadCompleted(
true, base::TimeTicks::Now());
},
weak_ptr_factory_.GetWeakPtr());
base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, std::move(task));
return;
}
TRACE_EVENT_NESTABLE_ASYNC_BEGIN1(
"navigation", "RenderFrameHostImpl BeforeUnload", TRACE_ID_LOCAL(this),
"&RenderFrameHostImpl", static_cast<void*>(this));
// This may be called more than once (if the user clicks the tab close button
// several times, or if they click the tab close button then the browser close
// button), and we only send the message once.
if (is_waiting_for_beforeunload_completion_) {
// Some of our close messages could be for the tab, others for cross-site
// transitions. We always want to think it's for closing the tab if any
// of the messages were, since otherwise it might be impossible to close
// (if there was a cross-site "close" request pending when the user clicked
// the close button). We want to keep the "for cross site" flag only if
// both the old and the new ones are also for cross site.
unload_ack_is_for_navigation_ =
unload_ack_is_for_navigation_ && for_navigation;
} else {
// Start the hang monitor in case the renderer hangs in the beforeunload
// handler.
is_waiting_for_beforeunload_completion_ = true;
beforeunload_dialog_request_cancels_unload_ = false;
unload_ack_is_for_navigation_ = for_navigation;
send_before_unload_start_time_ = base::TimeTicks::Now();
if (render_view_host_->GetDelegate()->IsJavaScriptDialogShowing()) {
// If there is a JavaScript dialog up, don't bother sending the renderer
// the unload event because it is known unresponsive, waiting for the
// reply from the dialog. If this incoming request is for a DISCARD be
// sure to reply with |proceed = false|, because the presence of a dialog
// indicates that the page can't be discarded.
SimulateBeforeUnloadCompleted(type != BeforeUnloadType::DISCARD);
} else {
// Start a timer that will be shared by all frames that need to run
// beforeunload in the current frame's subtree.
if (beforeunload_timeout_)
beforeunload_timeout_->Start(beforeunload_timeout_delay_);
beforeunload_pending_replies_.clear();
beforeunload_dialog_request_cancels_unload_ =
(type == BeforeUnloadType::DISCARD);
// Run beforeunload in this frame and its cross-process descendant
// frames, in parallel.
CheckOrDispatchBeforeUnloadForSubtree(check_subframes_only,
true /* send_ipc */, is_reload);
}
}
}
bool RenderFrameHostImpl::CheckOrDispatchBeforeUnloadForSubtree(
bool subframes_only,
bool send_ipc,
bool is_reload) {
bool found_beforeunload = false;
for (FrameTreeNode* node : frame_tree()->SubtreeNodes(frame_tree_node_)) {
RenderFrameHostImpl* rfh = node->current_frame_host();
// If |subframes_only| is true, skip this frame and its same-site
// descendants. This happens for renderer-initiated navigations, where
// these frames have already run beforeunload.
if (subframes_only && rfh->GetSiteInstance() == GetSiteInstance())
continue;
// No need to run beforeunload if the RenderFrame isn't live.
if (!rfh->IsRenderFrameLive())
continue;
// Only run beforeunload in frames that have registered a beforeunload
// handler.
bool should_run_beforeunload = rfh->has_before_unload_handler_;
// TODO(alexmos): Many tests, as well as some DevTools cases, currently
// assume that beforeunload for a navigating/closing frame is always sent
// to the renderer. For now, keep this assumption by checking |rfh ==
// this|. In the future, this condition should be removed, and beforeunload
// should only be sent when a handler is registered. For subframes of a
// navigating/closing frame, this assumption was never present, so
// subframes are included only if they have registered a beforeunload
// handler.
if (rfh == this)
should_run_beforeunload = true;
if (!should_run_beforeunload)
continue;
// If we're only checking whether there's at least one frame with
// beforeunload, then we've just found one, so we can return now.
found_beforeunload = true;
if (!send_ipc)
return true;
// Otherwise, figure out whether we need to send the IPC, or whether this
// beforeunload was already triggered by an ancestor frame's IPC.
// Only send beforeunload to local roots, and let Blink handle any
// same-site frames under them. That is, if a frame has a beforeunload
// handler, ask its local root to run it. If we've already sent the message
// to that local root, skip this frame. For example, in A1(A2,A3), if A2
// and A3 contain beforeunload handlers, and all three frames are
// same-site, we ask A1 to run beforeunload for all three frames, and only
// ask it once.
while (!rfh->is_local_root() && rfh != this)
rfh = rfh->GetParent();
if (base::Contains(beforeunload_pending_replies_, rfh))
continue;
// For a case like A(B(A)), it's not necessary to send an IPC for the
// innermost frame, as Blink will walk all same-site (local)
// descendants. Detect cases like this and skip them.
bool has_same_site_ancestor = false;
for (auto* added_rfh : beforeunload_pending_replies_) {
if (rfh->IsDescendantOf(added_rfh) &&
rfh->GetSiteInstance() == added_rfh->GetSiteInstance()) {
has_same_site_ancestor = true;
break;
}
}
if (has_same_site_ancestor)
continue;
// Add |rfh| to the list of frames that need to receive beforeunload
// ACKs.
beforeunload_pending_replies_.insert(rfh);
SendBeforeUnload(is_reload, rfh->GetWeakPtr());
}
return found_beforeunload;
}
void RenderFrameHostImpl::SimulateBeforeUnloadCompleted(bool proceed) {
DCHECK(is_waiting_for_beforeunload_completion_);
base::TimeTicks approx_renderer_start_time = send_before_unload_start_time_;
// Dispatch the ACK to prevent re-entrancy.
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE,
base::BindOnce(&RenderFrameHostImpl::ProcessBeforeUnloadCompleted,
weak_ptr_factory_.GetWeakPtr(), proceed,
true /* treat_as_final_completion_callback */,
approx_renderer_start_time, base::TimeTicks::Now()));
}
bool RenderFrameHostImpl::ShouldDispatchBeforeUnload(
bool check_subframes_only) {
return CheckOrDispatchBeforeUnloadForSubtree(
check_subframes_only, false /* send_ipc */, false /* is_reload */);
}
void RenderFrameHostImpl::SetBeforeUnloadTimeoutDelayForTesting(
const base::TimeDelta& timeout) {
beforeunload_timeout_delay_ = timeout;
}
void RenderFrameHostImpl::StartPendingDeletionOnSubtree() {
ResetNavigationsForPendingDeletion();
DCHECK(IsPendingDeletion());
for (std::unique_ptr<FrameTreeNode>& child_frame : children_) {
for (FrameTreeNode* node : frame_tree()->SubtreeNodes(child_frame.get())) {
RenderFrameHostImpl* child = node->current_frame_host();
if (child->IsPendingDeletion())
continue;
// Blink handles deletion of all same-process descendants, running their
// unload handler if necessary. So delegate sending IPC on the topmost
// ancestor using the same process.
RenderFrameHostImpl* local_ancestor = child;
for (auto* rfh = child->parent_; rfh != parent_; rfh = rfh->parent_) {
if (rfh->GetSiteInstance() == child->GetSiteInstance())
local_ancestor = rfh;
}
local_ancestor->DeleteRenderFrame(FrameDeleteIntention::kNotMainFrame);
if (local_ancestor != child) {
LifecycleState child_lifecycle_state =
child->has_unload_handlers()
? LifecycleState::kRunningUnloadHandlers
: LifecycleState::kReadyToBeDeleted;
child->SetLifecycleState(child_lifecycle_state);
}
node->frame_tree()->FrameUnloading(node);
}
}
}
void RenderFrameHostImpl::PendingDeletionCheckCompleted() {
if (lifecycle_state_ == LifecycleState::kReadyToBeDeleted &&
children_.empty()) {
if (is_waiting_for_unload_ack_)
OnUnloaded();
else
parent_->RemoveChild(frame_tree_node_);
}
}
void RenderFrameHostImpl::PendingDeletionCheckCompletedOnSubtree() {
if (children_.empty()) {
PendingDeletionCheckCompleted();
return;
}
// Collect children first before calling PendingDeletionCheckCompleted() on
// them, because it may delete them.
std::vector<RenderFrameHostImpl*> children_rfh;
for (std::unique_ptr<FrameTreeNode>& child : children_)
children_rfh.push_back(child->current_frame_host());
for (RenderFrameHostImpl* child_rfh : children_rfh)
child_rfh->PendingDeletionCheckCompletedOnSubtree();
}
void RenderFrameHostImpl::ResetNavigationsForPendingDeletion() {
for (auto& child : children_)
child->current_frame_host()->ResetNavigationsForPendingDeletion();
ResetNavigationRequests();
frame_tree_node_->ResetNavigationRequest(false);
frame_tree_node_->render_manager()->CleanUpNavigation();
}
void RenderFrameHostImpl::OnUnloadTimeout() {
DCHECK(IsPendingDeletion());
parent_->RemoveChild(frame_tree_node_);
}
void RenderFrameHostImpl::UpdateOpener() {
TRACE_EVENT1("navigation", "RenderFrameHostImpl::UpdateOpener",
"frame_tree_node", frame_tree_node_->frame_tree_node_id());
// This frame (the frame whose opener is being updated) might not have had
// proxies for the new opener chain in its SiteInstance. Make sure they
// exist.
if (frame_tree_node_->opener()) {
frame_tree_node_->opener()->render_manager()->CreateOpenerProxies(
GetSiteInstance(), frame_tree_node_);
}
auto opener_frame_token =
frame_tree_node_->render_manager()->GetOpenerFrameToken(
GetSiteInstance());
GetAssociatedLocalFrame()->UpdateOpener(opener_frame_token);
}
void RenderFrameHostImpl::SetFocusedFrame() {
GetAssociatedLocalFrame()->Focus();
}
void RenderFrameHostImpl::AdvanceFocus(blink::mojom::FocusType type,
RenderFrameProxyHost* source_proxy) {
DCHECK(!source_proxy ||
(source_proxy->GetProcess()->GetID() == GetProcess()->GetID()));
base::Optional<base::UnguessableToken> frame_token;
if (source_proxy)
frame_token = source_proxy->GetFrameToken();
GetAssociatedLocalFrame()->AdvanceFocusInFrame(type, frame_token);
}
void RenderFrameHostImpl::JavaScriptDialogClosed(
JavaScriptDialogCallback dialog_closed_callback,
bool success,
const base::string16& user_input) {
GetProcess()->SetBlocked(false);
std::move(dialog_closed_callback).Run(success, user_input);
// If executing as part of beforeunload event handling, there may have been
// timers stopped in this frame or a frame up in the frame hierarchy. Restart
// any timers that were stopped in OnRunBeforeUnloadConfirm().
for (RenderFrameHostImpl* frame = this; frame; frame = frame->GetParent()) {
if (frame->is_waiting_for_beforeunload_completion_ &&
frame->beforeunload_timeout_) {
frame->beforeunload_timeout_->Start(beforeunload_timeout_delay_);
}
}
}
bool RenderFrameHostImpl::ShouldDispatchPagehideAndVisibilitychangeDuringCommit(
RenderFrameHostImpl* old_frame_host,
const GURL& dest_url) {
// Only return true if this is a same-site navigation and we did a proactive
// BrowsingInstance swap but we're reusing the old page's renderer process.
DCHECK(old_frame_host);
if (old_frame_host->GetSiteInstance()->IsRelatedSiteInstance(
GetSiteInstance())) {
return false;
}
if (old_frame_host->GetProcess() != GetProcess()) {
return false;
}
if (!old_frame_host->IsNavigationSameSite(dest_url)) {
return false;
}
DCHECK(frame_tree_node_->IsMainFrame());
DCHECK_NE(old_frame_host, this);
DCHECK_NE(old_frame_host->GetSiteInstance(), GetSiteInstance());
return true;
}
void RenderFrameHostImpl::CommitNavigation(
NavigationRequest* navigation_request,
mojom::CommonNavigationParamsPtr common_params,
mojom::CommitNavigationParamsPtr commit_params,
network::mojom::URLResponseHeadPtr response_head,
mojo::ScopedDataPipeConsumerHandle response_body,
network::mojom::URLLoaderClientEndpointsPtr url_loader_client_endpoints,
bool is_view_source,
base::Optional<SubresourceLoaderParams> subresource_loader_params,
base::Optional<std::vector<blink::mojom::TransferrableURLLoaderPtr>>
subresource_overrides,
blink::mojom::ServiceWorkerContainerInfoForClientPtr container_info,
const base::UnguessableToken& devtools_navigation_token,
std::unique_ptr<WebBundleHandle> web_bundle_handle) {
TRACE_EVENT2("navigation", "RenderFrameHostImpl::CommitNavigation",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url",
common_params->url.possibly_invalid_spec());
DCHECK(!IsRendererDebugURL(common_params->url));
DCHECK(navigation_request);
bool is_same_document =
NavigationTypeUtils::IsSameDocument(common_params->navigation_type);
bool is_mhtml_iframe = navigation_request->IsForMhtmlSubframe();
// A |response| and a |url_loader_client_endpoints| must always be provided,
// except for edge cases, where another way to load the document exist.
DCHECK((response_head && url_loader_client_endpoints) ||
common_params->url.SchemeIs(url::kDataScheme) || is_same_document ||
!IsURLHandledByNetworkStack(common_params->url) || is_mhtml_iframe);
// All children of MHTML documents must be MHTML documents.
// As a defensive measure, crash the browser if something went wrong.
if (!frame_tree_node()->IsMainFrame()) {
RenderFrameHostImpl* root = GetMainFrame();
if (root->is_mhtml_document_ &&
!common_params->url.SchemeIs(url::kDataScheme)) {
bool loaded_from_outside_the_archive =
response_head || url_loader_client_endpoints;
CHECK(!loaded_from_outside_the_archive);
CHECK(is_mhtml_iframe);
CHECK_EQ(GetSiteInstance(), root->GetSiteInstance());
CHECK_EQ(GetProcess(), root->GetProcess());
} else {
DCHECK(!is_mhtml_iframe);
}
}
bool is_srcdoc = common_params->url.IsAboutSrcdoc();
if (is_srcdoc) {
// Main frame srcdoc navigation are meaningless. They are blocked whenever a
// navigation attempt is made. It shouldn't reach CommitNavigation.
CHECK(!frame_tree_node_->IsMainFrame());
// An about:srcdoc document is always same SiteInstance with its parent.
// Otherwise, it won't be able to load. The parent's document contains the
// iframe and its srcdoc attribute.
CHECK_EQ(GetSiteInstance(), parent_->GetSiteInstance());
}
// TODO(https://crbug.com/888079): Compute the Origin to commit here.
// If this is an attempt to commit a URL in an incompatible process, capture a
// crash dump to diagnose why it is occurring.
// TODO(creis): Remove this check after we've gathered enough information to
// debug issues with browser-side security checks. https://crbug.com/931895.
auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
const ProcessLock process_lock = GetSiteInstance()->GetProcessLock();
if (process_lock != ProcessLock::CreateForErrorPage() &&
common_params->url.IsStandard() &&
!policy->CanAccessDataForOrigin(GetProcess()->GetID(),
common_params->url) &&
!is_mhtml_iframe) {
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("lock_url",
base::debug::CrashKeySize::Size64),
process_lock.ToString());
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("commit_origin",
base::debug::CrashKeySize::Size64),
common_params->url.GetOrigin().spec());
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_main_frame",
base::debug::CrashKeySize::Size32),
frame_tree_node_->IsMainFrame() ? "true" : "false");
NOTREACHED() << "Commiting in incompatible process for URL: "
<< process_lock.lock_url() << " lock vs "
<< common_params->url.GetOrigin();
base::debug::DumpWithoutCrashing();
}
const bool is_first_navigation = !has_committed_any_navigation_;
has_committed_any_navigation_ = true;
// If this is NOT for same-document navigation, existing |web_bundle_handle_|
// should be reset to the new one. Otherwise the existing one should be kept
// around so that the subresource requests keep being served from the
// WebBundleURLLoaderFactory held by the handle.
if (!is_same_document)
web_bundle_handle_ = std::move(web_bundle_handle);
UpdatePermissionsForNavigation(*common_params, *commit_params);
// Get back to a clean state, in case we start a new navigation without
// completing an unload handler.
ResetWaitingState();
// The renderer can exit view source mode when any error or cancellation
// happen. When reusing the same renderer, overwrite to recover the mode.
if (is_view_source && IsCurrent()) {
DCHECK(!GetParent());
GetAssociatedLocalFrame()->EnableViewSourceMode();
}
// TODO(lfg): The renderer is not able to handle a null response, so the
// browser provides an empty response instead. See the DCHECK in the beginning
// of this method for the edge cases where a response isn't provided.
network::mojom::URLResponseHeadPtr head =
response_head ? std::move(response_head)
: network::mojom::URLResponseHead::New();
// TODO(crbug.com/979296): Consider changing this code to copy an origin
// instead of creating one from a URL which lacks opacity information.
url::Origin main_world_origin_for_url_loader_factory =
navigation_request->GetOriginForURLLoaderFactory();
// IsolationInfo should be filled before the URLLoaderFactory for
// sub-resources is created. Only update for cross document navigations since
// for opaque origin same document navigations, a new origin should not be
// created as that would be different from the original.
if (!is_same_document) {
isolation_info_ = ComputeIsolationInfoInternal(
main_world_origin_for_url_loader_factory,
net::IsolationInfo::RedirectMode::kUpdateNothing);
}
DCHECK(!isolation_info_.IsEmpty());
if (navigation_request->appcache_handle()) {
// AppCache may create a subresource URLLoaderFactory later, so make sure it
// has the correct origin to use when calling
// ContentBrowserClient::WillCreateURLLoaderFactory().
navigation_request->appcache_handle()
->host()
->set_origin_for_url_loader_factory(
main_world_origin_for_url_loader_factory);
}
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
subresource_loader_factories;
if ((!is_same_document || is_first_navigation) && !is_srcdoc) {
recreate_default_url_loader_factory_after_network_service_crash_ = false;
subresource_loader_factories =
std::make_unique<blink::PendingURLLoaderFactoryBundle>();
BrowserContext* browser_context = GetSiteInstance()->GetBrowserContext();
// NOTE: On Network Service navigations, we want to ensure that a frame is
// given everything it will need to load any accessible subresources. We
// however only do this for cross-document navigations, because the
// alternative would be redundant effort.
if (subresource_loader_params &&
subresource_loader_params->pending_appcache_loader_factory.is_valid()) {
// If the caller has supplied a factory for AppCache, use it.
mojo::Remote<network::mojom::URLLoaderFactory> appcache_remote(std::move(
subresource_loader_params->pending_appcache_loader_factory));
mojo::PendingRemote<network::mojom::URLLoaderFactory>
appcache_proxied_remote;
auto appcache_proxied_receiver =
appcache_proxied_remote.InitWithNewPipeAndPassReceiver();
bool use_proxy =
GetContentClient()->browser()->WillCreateURLLoaderFactory(
browser_context, this, GetProcess()->GetID(),
ContentBrowserClient::URLLoaderFactoryType::kDocumentSubResource,
main_world_origin_for_url_loader_factory,
base::nullopt /* navigation_id */, &appcache_proxied_receiver,
nullptr /* header_client */, nullptr /* bypass_redirect_checks */,
nullptr /* disable_secure_dns */, nullptr /* factory_override */);
if (use_proxy) {
appcache_remote->Clone(std::move(appcache_proxied_receiver));
appcache_remote.reset();
appcache_remote.Bind(std::move(appcache_proxied_remote));
}
subresource_loader_factories->pending_appcache_factory() =
appcache_remote.Unbind();
}
non_network_uniquely_owned_factories_.clear();
ContentBrowserClient::NonNetworkURLLoaderFactoryMap non_network_factories;
// Set up the default factory.
mojo::PendingRemote<network::mojom::URLLoaderFactory>
pending_default_factory;
// See if this is for WebUI.
std::string scheme = common_params->url.scheme();
const auto& webui_schemes = URLDataManagerBackend::GetWebUISchemes();
if (base::Contains(webui_schemes, scheme)) {
mojo::PendingRemote<network::mojom::URLLoaderFactory> factory_for_webui;
auto factory_receiver =
factory_for_webui.InitWithNewPipeAndPassReceiver();
GetContentClient()->browser()->WillCreateURLLoaderFactory(
browser_context, this, GetProcess()->GetID(),
ContentBrowserClient::URLLoaderFactoryType::kDocumentSubResource,
main_world_origin_for_url_loader_factory,
base::nullopt /* navigation_id */, &factory_receiver,
nullptr /* header_client */, nullptr /* bypass_redirect_checks */,
nullptr /* disable_secure_dns */, nullptr /* factory_override */);
CreateWebUIURLLoaderBinding(frame_tree_node(), scheme,
std::move(factory_receiver));
// If the renderer has webui bindings, then don't give it access to
// network loader for security reasons.
// http://crbug.com/829412: make an exception for a small whitelist
// of WebUIs that need to be fixed to not make network requests in JS.
if ((enabled_bindings_ & kWebUIBindingsPolicyMask) &&
!GetContentClient()->browser()->IsWebUIAllowedToMakeNetworkRequests(
url::Origin::Create(common_params->url.GetOrigin()))) {
pending_default_factory = std::move(factory_for_webui);
// WebUIURLLoaderFactory will kill the renderer if it sees a request
// with a non-chrome scheme. Register a URLLoaderFactory for the about
// scheme so about:blank doesn't kill the renderer.
non_network_factories[url::kAboutScheme] =
AboutURLLoaderFactory::Create();
} else {
// This is a webui scheme that doesn't have webui bindings. Give it
// access to the network loader as it might require it.
subresource_loader_factories->pending_scheme_specific_factories()
.emplace(scheme, std::move(factory_for_webui));
}
}
if (!pending_default_factory) {
// Otherwise default to a Network Service-backed loader from the
// appropriate NetworkContext.
// TODO(clamy): Always use the NavigationRequest's ClientSecurityState
// when all interstitials are committed and we are guaranteed to have a
// NavigationRequest in this function.
recreate_default_url_loader_factory_after_network_service_crash_ = true;
CrossOriginEmbedderPolicyReporter* const coep_reporter =
navigation_request->coep_reporter();
mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter>
coep_reporter_remote;
if (coep_reporter) {
coep_reporter->Clone(
coep_reporter_remote.InitWithNewPipeAndPassReceiver());
}
bool bypass_redirect_checks =
CreateNetworkServiceDefaultFactoryAndObserve(
CreateURLLoaderFactoryParamsForMainWorld(
main_world_origin_for_url_loader_factory,
mojo::Clone(navigation_request->client_security_state()),
std::move(coep_reporter_remote),
DetermineWhetherToForbidTrustTokenRedemption(
GetParent(), *commit_params,
main_world_origin_for_url_loader_factory),
"RFHI::CommitNavigation"),
pending_default_factory.InitWithNewPipeAndPassReceiver());
subresource_loader_factories->set_bypass_redirect_checks(
bypass_redirect_checks);
}
bool navigation_to_web_bundle = false;
if (web_bundle_handle_ && web_bundle_handle_->IsReadyForLoading()) {
navigation_to_web_bundle = true;
mojo::Remote<network::mojom::URLLoaderFactory> fallback_factory(
std::move(pending_default_factory));
web_bundle_handle_->CreateURLLoaderFactory(
pending_default_factory.InitWithNewPipeAndPassReceiver(),
std::move(fallback_factory));
DCHECK(web_bundle_handle_->navigation_info());
commit_params->web_bundle_physical_url =
web_bundle_handle_->navigation_info()->source().url();
if (web_bundle_handle_->claimed_url().is_valid()) {
commit_params->web_bundle_claimed_url =
web_bundle_handle_->claimed_url();
}
}
DCHECK(pending_default_factory);
subresource_loader_factories->pending_default_factory() =
std::move(pending_default_factory);
// Only file resources and about:blank with an initiator that can load files
// can load file subresources.
//
// Other URLs like about:srcdoc might be able load files, but only because
// they will inherit loaders from their parents instead of the ones
// provided by the browser process here.
// TODO(crbug.com/949510): Make about:srcdoc also use this path instead of
// inheriting loaders from the parent.
//
// For loading Web Bundle files, we don't set FileURLLoaderFactory.
// Because loading local files from a Web Bundle file is prohibited.
//
// TODO(crbug.com/888079): In the future, use
// GetOriginForURLLoaderFactory/GetOriginToCommit.
if ((common_params->url.SchemeIsFile() ||
(common_params->url.IsAboutBlank() &&
common_params->initiator_origin &&
common_params->initiator_origin->scheme() == url::kFileScheme)) &&
!navigation_to_web_bundle) {
// USER_BLOCKING because this scenario is exactly one of the examples
// given by the doc comment for USER_BLOCKING: Loading and rendering a web
// page after the user clicks a link.
base::TaskPriority file_factory_priority =
base::TaskPriority::USER_BLOCKING;
non_network_factories.emplace(
url::kFileScheme,
FileURLLoaderFactory::Create(
browser_context->GetPath(),
browser_context->GetSharedCorsOriginAccessList(),
file_factory_priority));
}
#if defined(OS_ANDROID)
if (common_params->url.SchemeIs(url::kContentScheme)) {
// Only content:// URLs can load content:// subresources
non_network_factories.emplace(url::kContentScheme,
ContentURLLoaderFactory::Create());
}
#endif
auto* partition =
static_cast<StoragePartitionImpl*>(BrowserContext::GetStoragePartition(
browser_context, GetSiteInstance()));
non_network_factories.emplace(
url::kFileSystemScheme, CreateFileSystemURLLoaderFactory(
GetProcess()->GetID(), GetFrameTreeNodeId(),
partition->GetFileSystemContext(),
partition->GetPartitionDomain()));
non_network_factories.emplace(url::kDataScheme,
DataURLLoaderFactory::Create());
GetContentClient()
->browser()
->RegisterNonNetworkSubresourceURLLoaderFactories(
GetProcess()->GetID(), routing_id_,
&non_network_uniquely_owned_factories_, &non_network_factories);
for (auto& factory : non_network_uniquely_owned_factories_) {
mojo::PendingRemote<network::mojom::URLLoaderFactory>
pending_factory_proxy;
mojo::PendingReceiver<network::mojom::URLLoaderFactory> factory_receiver =
pending_factory_proxy.InitWithNewPipeAndPassReceiver();
WillCreateURLLoaderFactory(main_world_origin_for_url_loader_factory,
&factory_receiver);
factory.second->Clone(std::move(factory_receiver));
subresource_loader_factories->pending_scheme_specific_factories().emplace(
factory.first, std::move(pending_factory_proxy));
}
for (auto& factory : non_network_factories) {
mojo::PendingRemote<network::mojom::URLLoaderFactory>
pending_factory_proxy;
mojo::PendingReceiver<network::mojom::URLLoaderFactory> factory_receiver =
pending_factory_proxy.InitWithNewPipeAndPassReceiver();
WillCreateURLLoaderFactory(main_world_origin_for_url_loader_factory,
&factory_receiver);
mojo::Remote<network::mojom::URLLoaderFactory> remote(
std::move(factory.second));
remote->Clone(std::move(factory_receiver));
subresource_loader_factories->pending_scheme_specific_factories().emplace(
factory.first, std::move(pending_factory_proxy));
}
// TODO(clamy): Always use the NavigationRequest's ClientSecurityState
// when all interstitials are committed and we are guaranteed to have a
// NavigationRequest in this function.
subresource_loader_factories->pending_isolated_world_factories() =
CreateURLLoaderFactoriesForIsolatedWorlds(
main_world_origin_for_url_loader_factory,
isolated_worlds_requiring_separate_url_loader_factory_,
mojo::Clone(navigation_request->client_security_state()),
DetermineWhetherToForbidTrustTokenRedemption(
GetParent(), *commit_params,
main_world_origin_for_url_loader_factory));
}
// It is imperative that cross-document navigations always provide a set of
// subresource ULFs.
DCHECK(is_same_document || !is_first_navigation || is_srcdoc ||
subresource_loader_factories);
if (is_same_document) {
bool should_replace_current_entry =
common_params->should_replace_current_entry;
DCHECK(same_document_navigation_request_);
GetNavigationControl()->CommitSameDocumentNavigation(
std::move(common_params), std::move(commit_params),
base::BindOnce(&RenderFrameHostImpl::OnSameDocumentCommitProcessed,
base::Unretained(this),
same_document_navigation_request_->GetNavigationId(),
should_replace_current_entry));
} else {
// Pass the controller service worker info if we have one.
blink::mojom::ControllerServiceWorkerInfoPtr controller;
mojo::PendingAssociatedRemote<blink::mojom::ServiceWorkerObject>
remote_object;
blink::mojom::ServiceWorkerState sent_state;
if (subresource_loader_params &&
subresource_loader_params->controller_service_worker_info) {
controller =
std::move(subresource_loader_params->controller_service_worker_info);
if (controller->object_info) {
controller->object_info->receiver =
remote_object.InitWithNewEndpointAndPassReceiver();
sent_state = controller->object_info->state;
}
}
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
factory_bundle_for_prefetch;
mojo::PendingRemote<network::mojom::URLLoaderFactory>
prefetch_loader_factory;
if (subresource_loader_factories) {
// Clone the factory bundle for prefetch.
auto bundle = base::MakeRefCounted<blink::URLLoaderFactoryBundle>(
std::move(subresource_loader_factories));
subresource_loader_factories = CloneFactoryBundle(bundle);
factory_bundle_for_prefetch = CloneFactoryBundle(bundle);
}
if (factory_bundle_for_prefetch) {
if (prefetched_signed_exchange_cache_) {
prefetched_signed_exchange_cache_->RecordHistograms();
// Reset |prefetched_signed_exchange_cache_|, not to reuse the cached
// signed exchange which was prefetched in the previous page.
prefetched_signed_exchange_cache_.reset();
}
// Also set-up URLLoaderFactory for prefetch using the same loader
// factories. TODO(kinuko): Consider setting this up only when prefetch
// is used. Currently we have this here to make sure we have non-racy
// situation (https://crbug.com/849929).
auto* storage_partition = static_cast<StoragePartitionImpl*>(
BrowserContext::GetStoragePartition(
GetSiteInstance()->GetBrowserContext(), GetSiteInstance()));
storage_partition->GetPrefetchURLLoaderService()->GetFactory(
prefetch_loader_factory.InitWithNewPipeAndPassReceiver(),
frame_tree_node_->frame_tree_node_id(),
std::move(factory_bundle_for_prefetch),
weak_ptr_factory_.GetWeakPtr(),
EnsurePrefetchedSignedExchangeCache());
}
mojom::NavigationClient* navigation_client =
navigation_request->GetCommitNavigationClient();
// Record the metrics about the state of the old main frame at the moment
// when we navigate away from it as it matters for whether the page
// is eligible for being put into back-forward cache.
//
// Ideally we would do this when we are just about to swap out the old
// render frame and swap in the new one, but we can't do this for
// same-process navigations yet as we are reusing the RenderFrameHost and
// as the local frame navigates it overrides the values that we are
// interested in. The cross-process navigation case is handled in
// RenderFrameHostManager::UnloadOldFrame.
//
// Here we are recording the metrics for same-process navigations at the
// point just before the navigation commits.
// TODO(altimin, crbug.com/933147): Remove this logic after we are done with
// implementing back-forward cache.
if (!GetParent() && frame_tree_node_->current_frame_host() == this) {
if (NavigationEntryImpl* last_committed_entry =
NavigationEntryImpl::FromNavigationEntry(
frame_tree()->controller()->GetLastCommittedEntry())) {
if (last_committed_entry->back_forward_cache_metrics()) {
last_committed_entry->back_forward_cache_metrics()
->RecordFeatureUsage(this);
}
}
}
// about:srcdoc "inherits" loaders from its parent in the renderer process,
// There are no need to provide new ones here.
// TODO(arthursonzogni): What about about:blank URLs?
// TODO(arthursonzogni): What about data-URLs?
//
// Note: Inheriting loaders could be done in the browser process, but we
// aren't confident there are enough reliable information in the
// browser process to always make the correct decision. "Inheriting"
// in the renderer process is slightly less problematic in that it
// guarantees the renderer won't have higher privileges than it
// originally had (since it will inherit loader factories it already
// had access to).
if (is_srcdoc) {
DCHECK(!subresource_loader_factories);
DCHECK(!subresource_overrides);
DCHECK(!prefetch_loader_factory);
}
// If a network request was made, update the Previews state.
if (IsURLHandledByNetworkStack(common_params->url))
last_navigation_previews_state_ = common_params->previews_state;
dom_content_loaded_ = false;
SendCommitNavigation(
navigation_client, navigation_request, std::move(common_params),
std::move(commit_params), std::move(head), std::move(response_body),
std::move(url_loader_client_endpoints),
std::move(subresource_loader_factories),
std::move(subresource_overrides), std::move(controller),
std::move(container_info), std::move(prefetch_loader_factory),
devtools_navigation_token);
// |remote_object| is an associated interface ptr, so calls can't be made on
// it until its request endpoint is sent. Now that the request endpoint was
// sent, it can be used, so add it to ServiceWorkerObjectHost.
if (remote_object.is_valid()) {
RunOrPostTaskOnThread(
FROM_HERE, ServiceWorkerContext::GetCoreThreadId(),
base::BindOnce(
&ServiceWorkerObjectHost::AddRemoteObjectPtrAndUpdateState,
subresource_loader_params->controller_service_worker_object_host,
std::move(remote_object), sent_state));
}
}
is_loading_ = true;
}
void RenderFrameHostImpl::FailedNavigation(
NavigationRequest* navigation_request,
const mojom::CommonNavigationParams& common_params,
const mojom::CommitNavigationParams& commit_params,
bool has_stale_copy_in_cache,
int error_code,
const base::Optional<std::string>& error_page_content) {
TRACE_EVENT2("navigation", "RenderFrameHostImpl::FailedNavigation",
"frame_tree_node", frame_tree_node_->frame_tree_node_id(),
"error", error_code);
DCHECK(navigation_request);
// Update renderer permissions even for failed commits, so that for example
// the URL bar correctly displays privileged URLs instead of filtering them.
UpdatePermissionsForNavigation(common_params, commit_params);
// Get back to a clean state, in case a new navigation started without
// completing an unload handler.
ResetWaitingState();
// Error page will commit in an opaque origin.
//
// TODO(lukasza): https://crbug.com/888079: Use this origin when committing
// later on.
url::Origin error_page_origin = url::Origin();
isolation_info_ = net::IsolationInfo::CreateTransient();
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
subresource_loader_factories;
mojo::PendingRemote<network::mojom::URLLoaderFactory> default_factory_remote;
bool bypass_redirect_checks = CreateNetworkServiceDefaultFactoryAndObserve(
CreateURLLoaderFactoryParamsForMainWorld(
error_page_origin,
mojo::Clone(navigation_request->client_security_state()),
/*coep_reporter=*/mojo::NullRemote(),
network::mojom::TrustTokenRedemptionPolicy::kForbid,
"RFHI::FailedNavigation"),
default_factory_remote.InitWithNewPipeAndPassReceiver());
subresource_loader_factories =
std::make_unique<blink::PendingURLLoaderFactoryBundle>(
std::move(default_factory_remote),
blink::PendingURLLoaderFactoryBundle::SchemeMap(),
blink::PendingURLLoaderFactoryBundle::OriginMap(),
bypass_redirect_checks);
mojom::NavigationClient* navigation_client =
navigation_request->GetCommitNavigationClient();
SendCommitFailedNavigation(
navigation_client, navigation_request, common_params.Clone(),
commit_params.Clone(), has_stale_copy_in_cache, error_code,
error_page_content, std::move(subresource_loader_factories));
// An error page is expected to commit, hence why is_loading_ is set to true.
is_loading_ = true;
dom_content_loaded_ = false;
has_committed_any_navigation_ = true;
DCHECK(navigation_request && navigation_request->IsNavigationStarted() &&
navigation_request->GetNetErrorCode() != net::OK);
}
void RenderFrameHostImpl::HandleRendererDebugURL(const GURL& url) {
DCHECK(IsRendererDebugURL(url));
// Several tests expect a load of Chrome Debug URLs to send a DidStopLoading
// notification, so set is loading to true here to properly surface it when
// the renderer process is done handling the URL.
// TODO(clamy): Remove the test dependency on this behavior.
if (!url.SchemeIs(url::kJavaScriptScheme)) {
bool was_loading = frame_tree()->IsLoading();
is_loading_ = true;
frame_tree_node()->DidStartLoading(true, was_loading);
}
GetNavigationControl()->HandleRendererDebugURL(url);
// Ensure that the renderer process is marked as used after processing a
// renderer debug URL, since this process is now unsafe to be reused by sites
// that require a dedicated process. Usually this happens at ready-to-commit
// (NavigationRequest::OnResponseStarted) time for regular navigations, but
// renderer debug URLs don't go through that path. This matters for initial
// navigations to renderer debug URLs. See https://crbug.com/1074108.
GetProcess()->SetIsUsed();
}
void RenderFrameHostImpl::SetUpMojoIfNeeded() {
if (associated_registry_.get())
return;
associated_registry_ = std::make_unique<blink::AssociatedInterfaceRegistry>();
auto bind_frame_host_receiver =
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<mojom::FrameHost> receiver) {
impl->frame_host_associated_receiver_.Bind(std::move(receiver));
impl->frame_host_associated_receiver_.SetFilter(
impl->CreateMessageFilterForAssociatedReceiver(
mojom::FrameHost::Name_));
};
associated_registry_->AddInterface(
base::BindRepeating(bind_frame_host_receiver, base::Unretained(this)));
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<
blink::mojom::BackForwardCacheControllerHost> receiver) {
impl->back_forward_cache_controller_host_associated_receiver_.Bind(
std::move(receiver));
impl->back_forward_cache_controller_host_associated_receiver_.SetFilter(
CreateMessageFilterForAssociatedReceiverImpl(
impl, blink::mojom::BackForwardCacheControllerHost::Name_,
BackForwardCacheImpl::kMessagePolicyNone));
},
base::Unretained(this)));
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* self,
mojo::PendingAssociatedReceiver<blink::mojom::PortalHost> receiver) {
Portal::BindPortalHostReceiver(self, std::move(receiver));
},
base::Unretained(this)));
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<blink::mojom::LocalFrameHost>
receiver) {
impl->local_frame_host_receiver_.Bind(std::move(receiver));
impl->local_frame_host_receiver_.SetFilter(
impl->CreateMessageFilterForAssociatedReceiver(
blink::mojom::LocalFrameHost::Name_));
},
base::Unretained(this)));
if (frame_tree_node_->IsMainFrame()) {
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<blink::mojom::LocalMainFrameHost>
receiver) {
impl->local_main_frame_host_receiver_.Bind(std::move(receiver));
impl->local_main_frame_host_receiver_.SetFilter(
impl->CreateMessageFilterForAssociatedReceiver(
blink::mojom::LocalMainFrameHost::Name_));
},
base::Unretained(this)));
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<
blink::mojom::ManifestUrlChangeObserver> receiver) {
ManifestManagerHost::GetOrCreateForCurrentDocument(impl)
->BindObserver(std::move(receiver));
},
base::Unretained(this)));
}
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<mojom::RenderAccessibilityHost>
receiver) {
impl->render_accessibility_host_receiver_.Bind(std::move(receiver));
impl->render_accessibility_host_receiver_.SetFilter(
impl->CreateMessageFilterForAssociatedReceiver(
mojom::RenderAccessibilityHost::Name_));
},
base::Unretained(this)));
// TODO(crbug.com/1047354): How to avoid binding if the
// BINDINGS_POLICY_DOM_AUTOMATION policy is not set?
associated_registry_->AddInterface(base::BindRepeating(
[](RenderFrameHostImpl* impl,
mojo::PendingAssociatedReceiver<mojom::DomAutomationControllerHost>
receiver) {
impl->BindDomOperationControllerHostReceiver(std::move(receiver));
},
base::Unretained(this)));
file_system_manager_.reset(new FileSystemManagerImpl(
GetProcess()->GetID(),
GetProcess()->GetStoragePartition()->GetFileSystemContext(),
ChromeBlobStorageContext::GetFor(GetProcess()->GetBrowserContext())));
mojo::PendingRemote<mojom::FrameFactory> frame_factory;
GetProcess()->BindReceiver(frame_factory.InitWithNewPipeAndPassReceiver());
mojo::Remote<mojom::FrameFactory>(std::move(frame_factory))
->CreateFrame(routing_id_, frame_.BindNewPipeAndPassReceiver());
// TODO(http://crbug.com/1014212): Change to DCHECK.
CHECK(frame_);
mojo::PendingRemote<service_manager::mojom::InterfaceProvider>
remote_interfaces;
frame_->GetInterfaceProvider(
remote_interfaces.InitWithNewPipeAndPassReceiver());
remote_interfaces_ = std::make_unique<service_manager::InterfaceProvider>();
remote_interfaces_->Bind(std::move(remote_interfaces));
// Called to bind the receiver for this interface to the local frame. We need
// to eagarly bind here because binding happens at normal priority on the main
// thread and future calls to this interface need to be high priority.
GetHighPriorityLocalFrame();
}
void RenderFrameHostImpl::InvalidateMojoConnection() {
frame_.reset();
frame_bindings_control_.reset();
frame_host_associated_receiver_.reset();
local_frame_.reset();
local_main_frame_.reset();
high_priority_local_frame_.reset();
navigation_control_.reset();
find_in_page_.reset();
render_accessibility_.reset();
// Disconnect with ImageDownloader Mojo service in Blink.
mojo_image_downloader_.reset();
// The geolocation service and sensor provider proxy may attempt to cancel
// permission requests so they must be reset before the routing_id mapping is
// removed.
geolocation_service_.reset();
sensor_provider_proxy_.reset();
render_accessibility_host_receiver_.reset();
local_frame_host_receiver_.reset();
local_main_frame_host_receiver_.reset();
associated_registry_.reset();
}
bool RenderFrameHostImpl::IsFocused() {
if (!GetRenderWidgetHost()->is_focused() || !frame_tree_->GetFocusedFrame())
return false;
RenderFrameHostImpl* focused_rfh =
frame_tree_->GetFocusedFrame()->current_frame_host();
return focused_rfh == this || focused_rfh->IsDescendantOf(this);
}
bool RenderFrameHostImpl::CreateWebUI(const GURL& dest_url,
int entry_bindings) {
// Verify expectation that WebUI should not be created for error pages.
DCHECK_NE(GetSiteInstance()->GetSiteInfo(), SiteInfo::CreateForErrorPage());
WebUI::TypeID new_web_ui_type =
WebUIControllerFactoryRegistry::GetInstance()->GetWebUIType(
GetSiteInstance()->GetBrowserContext(), dest_url);
CHECK_NE(new_web_ui_type, WebUI::kNoWebUI);
// If |web_ui_| already exists, there is no need to create a new one. However,
// it is useful to verify that its type hasn't changed. Site isolation
// guarantees that RenderFrameHostImpl will be changed if the WebUI type
// differs.
if (web_ui_) {
CHECK_EQ(new_web_ui_type, web_ui_type_);
return false;
}
web_ui_ = delegate_->CreateWebUIForRenderFrameHost(this, dest_url);
if (!web_ui_)
return false;
// If we have assigned (zero or more) bindings to the NavigationEntry in
// the past, make sure we're not granting it different bindings than it
// had before. If so, note it and don't give it any bindings, to avoid a
// potential privilege escalation.
if (entry_bindings != FrameNavigationEntry::kInvalidBindings &&
web_ui_->GetBindings() != entry_bindings) {
RecordAction(base::UserMetricsAction("ProcessSwapBindingsMismatch_RVHM"));
ClearWebUI();
return false;
}
// It is not expected for GuestView to be able to navigate to WebUI.
DCHECK(!GetProcess()->IsForGuestsOnly());
web_ui_type_ = new_web_ui_type;
// WebUIs need the ability to request certain schemes.
for (const auto& scheme : web_ui_->GetRequestableSchemes()) {
ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestScheme(
GetProcess()->GetID(), scheme);
}
// Since this is new WebUI instance, this RenderFrameHostImpl should not
// have had any bindings. Verify that and grant the required bindings.
DCHECK_EQ(0, GetEnabledBindings());
AllowBindings(web_ui_->GetBindings());
return true;
}
void RenderFrameHostImpl::ClearWebUI() {
web_ui_type_ = WebUI::kNoWebUI;
web_ui_.reset();
}
const mojo::Remote<blink::mojom::ImageDownloader>&
RenderFrameHostImpl::GetMojoImageDownloader() {
if (!mojo_image_downloader_.is_bound() && GetRemoteInterfaces()) {
GetRemoteInterfaces()->GetInterface(
mojo_image_downloader_.BindNewPipeAndPassReceiver());
}
return mojo_image_downloader_;
}
const mojo::AssociatedRemote<blink::mojom::FindInPage>&
RenderFrameHostImpl::GetFindInPage() {
if (!find_in_page_)
GetRemoteAssociatedInterfaces()->GetInterface(&find_in_page_);
return find_in_page_;
}
const mojo::AssociatedRemote<blink::mojom::LocalFrame>&
RenderFrameHostImpl::GetAssociatedLocalFrame() {
if (!local_frame_)
GetRemoteAssociatedInterfaces()->GetInterface(&local_frame_);
return local_frame_;
}
blink::mojom::LocalMainFrame*
RenderFrameHostImpl::GetAssociatedLocalMainFrame() {
DCHECK(frame_tree_node_->IsMainFrame());
if (!local_main_frame_)
GetRemoteAssociatedInterfaces()->GetInterface(&local_main_frame_);
return local_main_frame_.get();
}
const mojo::Remote<blink::mojom::HighPriorityLocalFrame>&
RenderFrameHostImpl::GetHighPriorityLocalFrame() {
if (!high_priority_local_frame_.is_bound()) {
GetRemoteInterfaces()->GetInterface(
high_priority_local_frame_.BindNewPipeAndPassReceiver());
}
return high_priority_local_frame_;
}
const mojo::AssociatedRemote<mojom::FrameBindingsControl>&
RenderFrameHostImpl::GetFrameBindingsControl() {
if (!frame_bindings_control_)
GetRemoteAssociatedInterfaces()->GetInterface(&frame_bindings_control_);
return frame_bindings_control_;
}
void RenderFrameHostImpl::ResetLoadingState() {
if (is_loading()) {
// When pending deletion, just set the loading state to not loading.
// Otherwise, DidStopLoading will take care of that, as well as sending
// notification to the FrameTreeNode about the change in loading state.
if (IsPendingDeletion() || IsInBackForwardCache())
is_loading_ = false;
else
DidStopLoading();
}
}
void RenderFrameHostImpl::ClearFocusedElement() {
has_focused_editable_element_ = false;
GetAssociatedLocalFrame()->ClearFocusedElement();
}
void RenderFrameHostImpl::BlockRequestsForFrame() {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
ForEachFrame(this,
base::BindRepeating([](RenderFrameHostImpl* render_frame_host) {
if (render_frame_host->frame_)
render_frame_host->frame_->BlockRequests();
}));
}
void RenderFrameHostImpl::ResumeBlockedRequestsForFrame() {
ForEachFrame(this,
base::BindRepeating([](RenderFrameHostImpl* render_frame_host) {
if (render_frame_host->frame_)
render_frame_host->frame_->ResumeBlockedRequests();
}));
}
void RenderFrameHostImpl::CancelBlockedRequestsForFrame() {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
ForEachFrame(this,
base::BindRepeating([](RenderFrameHostImpl* render_frame_host) {
if (render_frame_host->frame_)
render_frame_host->frame_->CancelBlockedRequests();
}));
}
void RenderFrameHostImpl::BindDevToolsAgent(
mojo::PendingAssociatedRemote<blink::mojom::DevToolsAgentHost> host,
mojo::PendingAssociatedReceiver<blink::mojom::DevToolsAgent> receiver) {
GetNavigationControl()->BindDevToolsAgent(std::move(host),
std::move(receiver));
}
bool RenderFrameHostImpl::IsSameSiteInstance(
RenderFrameHostImpl* other_render_frame_host) {
// As a sanity check, make sure the frame belongs to the same BrowserContext.
CHECK_EQ(GetSiteInstance()->GetBrowserContext(),
other_render_frame_host->GetSiteInstance()->GetBrowserContext());
return GetSiteInstance() == other_render_frame_host->GetSiteInstance();
}
void RenderFrameHostImpl::UpdateAccessibilityMode() {
// Don't update accessibility mode for a frame that hasn't been created yet.
if (!IsRenderFrameCreated())
return;
ui::AXMode ax_mode = delegate_->GetAccessibilityMode();
if (!ax_mode.has_mode(ui::AXMode::kWebContents)) {
// Resetting the Remote signals the renderer to shutdown accessibility
// in the renderer.
render_accessibility_.reset();
return;
}
if (!render_accessibility_) {
// Render accessibility is not enabled yet, so bind the interface first.
GetRemoteAssociatedInterfaces()->GetInterface(&render_accessibility_);
}
render_accessibility_->SetMode(ax_mode.mode());
}
void RenderFrameHostImpl::RequestAXTreeSnapshot(AXTreeSnapshotCallback callback,
ui::AXMode ax_mode) {
// TODO(https://crbug.com/859110): Remove once frame_ can no longer be null.
if (!IsRenderFrameLive())
return;
frame_->SnapshotAccessibilityTree(
ax_mode.mode(),
base::BindOnce(&RenderFrameHostImpl::RequestAXTreeSnapshotCallback,
weak_ptr_factory_.GetWeakPtr(), std::move(callback)));
}
void RenderFrameHostImpl::GetSavableResourceLinksFromRenderer() {
if (!IsRenderFrameLive())
return;
GetAssociatedLocalFrame()->GetSavableResourceLinks(
base::BindOnce(&RenderFrameHostImpl::GetSavableResourceLinksCallback,
weak_ptr_factory_.GetWeakPtr()));
}
void RenderFrameHostImpl::SetAccessibilityCallbackForTesting(
const AccessibilityCallbackForTesting& callback) {
accessibility_testing_callback_ = callback;
}
void RenderFrameHostImpl::UpdateAXTreeData() {
ui::AXMode accessibility_mode = delegate_->GetAccessibilityMode();
if (accessibility_mode.is_mode_off() || IsInactiveAndDisallowReactivation()) {
return;
}
AXEventNotificationDetails detail;
detail.ax_tree_id = GetAXTreeID();
detail.updates.resize(1);
detail.updates[0].has_tree_data = true;
detail.updates[0].tree_data = GetAXTreeData();
SendAccessibilityEventsToManager(detail);
delegate_->AccessibilityEventReceived(detail);
}
BrowserAccessibilityManager*
RenderFrameHostImpl::GetOrCreateBrowserAccessibilityManager() {
RenderWidgetHostViewBase* view = GetViewForAccessibility();
if (view && !browser_accessibility_manager_ &&
!no_create_browser_accessibility_manager_for_testing_) {
browser_accessibility_manager_.reset(
view->CreateBrowserAccessibilityManager(this, is_main_frame()));
}
return browser_accessibility_manager_.get();
}
void RenderFrameHostImpl::ActivateFindInPageResultForAccessibility(
int request_id) {
ui::AXMode accessibility_mode = delegate_->GetAccessibilityMode();
if (accessibility_mode.has_mode(ui::AXMode::kNativeAPIs)) {
BrowserAccessibilityManager* manager =
GetOrCreateBrowserAccessibilityManager();
if (manager)
manager->ActivateFindInPageResult(request_id);
}
}
void RenderFrameHostImpl::InsertVisualStateCallback(
VisualStateCallback callback) {
GetRenderWidgetHost()->InsertVisualStateCallback(std::move(callback));
}
bool RenderFrameHostImpl::IsRenderFrameCreated() {
return render_frame_created_;
}
bool RenderFrameHostImpl::IsRenderFrameLive() {
bool is_live =
GetProcess()->IsInitializedAndNotDead() && render_frame_created_;
// Sanity check: the RenderView should always be live if the RenderFrame is.
DCHECK(!is_live || render_view_host_->IsRenderViewLive());
return is_live;
}
bool RenderFrameHostImpl::IsCurrent() {
RenderFrameHostImpl* rfh = this;
// Check this RenderFrameHost and all its ancestors to see if they are the
// current ones in their respective FrameTreeNodes.
// It is important to check for all ancestors as when navigation commits a new
// RenderFrameHost may replace one of the parents, swapping out the old with
// its entire subtree but |this| will still be a current one in its
// FrameTreeNode.
while (rfh) {
if (rfh->frame_tree_node()->current_frame_host() != rfh)
return false;
rfh = rfh->GetParent();
}
return true;
}
size_t RenderFrameHostImpl::GetProxyCount() {
if (!IsCurrent())
return 0;
return frame_tree_node_->render_manager()->GetProxyCount();
}
bool RenderFrameHostImpl::HasSelection() {
return has_selection_;
}
RenderFrameHostImpl* RenderFrameHostImpl::GetMainFrame() {
// Iteration over the GetParent() chain is used below, because returning
// |frame_tree()->root()->current_frame_host()| might
// give an incorrect result after |this| has been detached from the frame
// tree.
RenderFrameHostImpl* main_frame = this;
while (main_frame->GetParent())
main_frame = main_frame->GetParent();
return main_frame;
}
bool RenderFrameHostImpl::CanAccessFilesOfPageState(const PageState& state) {
return ChildProcessSecurityPolicyImpl::GetInstance()->CanReadAllFiles(
GetProcess()->GetID(), state.GetReferencedFiles());
}
void RenderFrameHostImpl::GrantFileAccessFromPageState(const PageState& state) {
GrantFileAccess(GetProcess()->GetID(), state.GetReferencedFiles());
}
void RenderFrameHostImpl::GrantFileAccessFromResourceRequestBody(
const network::ResourceRequestBody& body) {
GrantFileAccess(GetProcess()->GetID(), body.GetReferencedFiles());
}
void RenderFrameHostImpl::UpdatePermissionsForNavigation(
const mojom::CommonNavigationParams& common_params,
const mojom::CommitNavigationParams& commit_params) {
// Browser plugin guests are not allowed to navigate outside web-safe schemes,
// so do not grant them the ability to commit additional URLs.
if (!GetProcess()->IsForGuestsOnly()) {
ChildProcessSecurityPolicyImpl::GetInstance()->GrantCommitURL(
GetProcess()->GetID(), common_params.url);
if (NavigationRequest::IsLoadDataWithBaseURL(common_params)) {
// When there's a base URL specified for the data URL, we also need to
// grant access to the base URL. This allows file: and other unexpected
// schemes to be accepted at commit time and during CORS checks (e.g., for
// font requests).
ChildProcessSecurityPolicyImpl::GetInstance()->GrantCommitURL(
GetProcess()->GetID(), common_params.base_url_for_data_url);
}
}
// We may be returning to an existing NavigationEntry that had been granted
// file access. If this is a different process, we will need to grant the
// access again. Abuse is prevented, because the files listed in the page
// state are validated earlier, when they are received from the renderer (in
// RenderFrameHostImpl::CanAccessFilesOfPageState).
if (commit_params.page_state.IsValid())
GrantFileAccessFromPageState(commit_params.page_state);
// We may be here after transferring navigation to a different renderer
// process. In this case, we need to ensure that the new renderer retains
// ability to access files that the old renderer could access. Abuse is
// prevented, because the files listed in ResourceRequestBody are validated
// earlier, when they are received from the renderer.
if (common_params.post_data)
GrantFileAccessFromResourceRequestBody(*common_params.post_data);
}
mojo::AssociatedRemote<mojom::NavigationClient>
RenderFrameHostImpl::GetNavigationClientFromInterfaceProvider() {
mojo::AssociatedRemote<mojom::NavigationClient> navigation_client_remote;
GetRemoteAssociatedInterfaces()->GetInterface(&navigation_client_remote);
return navigation_client_remote;
}
void RenderFrameHostImpl::NavigationRequestCancelled(
NavigationRequest* navigation_request) {
OnCrossDocumentCommitProcessed(navigation_request,
blink::mojom::CommitResult::Aborted);
}
url::Origin
RenderFrameHostImpl::GetExpectedMainWorldOriginForUrlLoaderFactory() {
// Find the most recent NavigationRequest that has triggered a Commit IPC to
// the renderer process. Once the renderer process handles the IPC, it may
// possibly change the origin from |last_committed_origin_| to another origin.
NavigationRequest* found_request = nullptr;
for (const auto& it : navigation_requests_) {
NavigationRequest* candidate = it.first;
DCHECK_EQ(candidate, it.second.get());
if (candidate->state() < NavigationRequest::READY_TO_COMMIT)
continue;
if (candidate->state() >= NavigationRequest::DID_COMMIT)
continue;
if (!found_request ||
found_request->NavigationStart() < candidate->NavigationStart()) {
found_request = candidate;
}
}
// If there are no pending navigation requests then the URLLoaderFactory sent
// now to the renderer process will end up being used by
// |last_committed_origin_|.
if (!found_request) {
DCHECK(has_committed_any_navigation_);
return last_committed_origin_;
}
// URLLoaderFactory sent now to the renderer process will end up being used by
// the origin associated the navigation that is getting committed in that
// renderer process.
return found_request->GetOriginForURLLoaderFactory();
}
network::mojom::URLLoaderFactoryParamsPtr
RenderFrameHostImpl::CreateURLLoaderFactoryParamsForMainWorld(
const url::Origin& main_world_origin,
network::mojom::ClientSecurityStatePtr client_security_state,
mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter>
coep_reporter,
network::mojom::TrustTokenRedemptionPolicy trust_token_redemption_policy,
base::StringPiece debug_tag) {
return URLLoaderFactoryParamsHelper::CreateForFrame(
this, main_world_origin, std::move(client_security_state),
std::move(coep_reporter), GetProcess(), trust_token_redemption_policy,
debug_tag);
}
bool RenderFrameHostImpl::CreateNetworkServiceDefaultFactoryAndObserve(
network::mojom::URLLoaderFactoryParamsPtr params,
mojo::PendingReceiver<network::mojom::URLLoaderFactory>
default_factory_receiver) {
bool bypass_redirect_checks = CreateNetworkServiceDefaultFactoryInternal(
std::move(params), std::move(default_factory_receiver));
// Add a disconnect handler when Network Service is running
// out-of-process.
if (IsOutOfProcessNetworkService() &&
(!network_service_disconnect_handler_holder_ ||
!network_service_disconnect_handler_holder_.is_connected())) {
network_service_disconnect_handler_holder_.reset();
StoragePartition* storage_partition = BrowserContext::GetStoragePartition(
GetSiteInstance()->GetBrowserContext(), GetSiteInstance());
network::mojom::URLLoaderFactoryParamsPtr monitoring_factory_params =
network::mojom::URLLoaderFactoryParams::New();
monitoring_factory_params->process_id = GetProcess()->GetID();
monitoring_factory_params->debug_tag = "RFHI - monitoring_factory_params";
// This factory should never be used to issue actual requests (i.e. it
// should only be used to monitor for Network Service crashes). Below is an
// attempt to enforce that the factory cannot be used in practice.
monitoring_factory_params->request_initiator_origin_lock =
url::Origin::Create(
GURL("https://monitoring.url.loader.factory.invalid"));
storage_partition->GetNetworkContext()->CreateURLLoaderFactory(
network_service_disconnect_handler_holder_.BindNewPipeAndPassReceiver(),
std::move(monitoring_factory_params));
network_service_disconnect_handler_holder_.set_disconnect_handler(
base::BindOnce(&RenderFrameHostImpl::UpdateSubresourceLoaderFactories,
weak_ptr_factory_.GetWeakPtr()));
}
return bypass_redirect_checks;
}
bool RenderFrameHostImpl::CreateNetworkServiceDefaultFactoryInternal(
network::mojom::URLLoaderFactoryParamsPtr params,
mojo::PendingReceiver<network::mojom::URLLoaderFactory>
default_factory_receiver) {
DCHECK(params->request_initiator_origin_lock.has_value());
const url::Origin& request_initiator =
params->request_initiator_origin_lock.value();
bool bypass_redirect_checks = false;
WillCreateURLLoaderFactory(request_initiator, &default_factory_receiver,
&params->header_client, &bypass_redirect_checks,
&params->disable_secure_dns,
&params->factory_override);
GetProcess()->CreateURLLoaderFactory(std::move(default_factory_receiver),
std::move(params));
return bypass_redirect_checks;
}
void RenderFrameHostImpl::WillCreateURLLoaderFactory(
const url::Origin& request_initiator,
mojo::PendingReceiver<network::mojom::URLLoaderFactory>* factory_receiver,
mojo::PendingRemote<network::mojom::TrustedURLLoaderHeaderClient>*
header_client,
bool* bypass_redirect_checks,
bool* disable_secure_dns,
network::mojom::URLLoaderFactoryOverridePtr* factory_override) {
GetContentClient()->browser()->WillCreateURLLoaderFactory(
GetBrowserContext(), this, GetProcess()->GetID(),
ContentBrowserClient::URLLoaderFactoryType::kDocumentSubResource,
request_initiator, base::nullopt /* navigation_id */, factory_receiver,
header_client, bypass_redirect_checks, disable_secure_dns,
factory_override);
// Keep DevTools proxy last, i.e. closest to the network.
devtools_instrumentation::WillCreateURLLoaderFactory(
this, false /* is_navigation */, false /* is_download */,
factory_receiver, factory_override);
}
bool RenderFrameHostImpl::CanExecuteJavaScript() {
if (g_allow_injecting_javascript)
return true;
return !frame_tree_node_->current_url().is_valid() ||
frame_tree_node_->current_url().SchemeIs(kChromeDevToolsScheme) ||
ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
GetProcess()->GetID()) ||
// It's possible to load about:blank in a Web UI renderer.
// See http://crbug.com/42547
(frame_tree_node_->current_url().spec() == url::kAboutBlankURL) ||
// InterstitialPageImpl should be the only case matching this.
(delegate_->GetAsWebContents() == nullptr);
}
// static
int RenderFrameHost::GetFrameTreeNodeIdForRoutingId(int process_id,
int routing_id) {
auto frame_or_proxy = LookupRenderFrameHostOrProxy(process_id, routing_id);
if (frame_or_proxy)
return frame_or_proxy.GetFrameTreeNode()->frame_tree_node_id();
return kNoFrameTreeNodeId;
}
// static
RenderFrameHost* RenderFrameHost::FromPlaceholderToken(
int render_process_id,
const base::UnguessableToken& placeholder_frame_token) {
RenderFrameProxyHost* rfph = RenderFrameProxyHost::FromFrameToken(
render_process_id, placeholder_frame_token);
FrameTreeNode* node = rfph ? rfph->frame_tree_node() : nullptr;
return node ? node->current_frame_host() : nullptr;
}
ui::AXTreeID RenderFrameHostImpl::GetParentAXTreeID() {
if (browser_plugin_embedder_ax_tree_id_ != ui::AXTreeIDUnknown())
return browser_plugin_embedder_ax_tree_id_;
if (!frame_tree_node_->IsMainFrame())
return GetParent()->GetAXTreeID();
return ui::AXTreeIDUnknown();
}
ui::AXTreeID RenderFrameHostImpl::GetFocusedAXTreeID() {
// If this is not the root frame tree node, we're done.
if (!is_main_frame())
return ui::AXTreeIDUnknown();
auto* focused_frame = static_cast<RenderFrameHostImpl*>(
delegate_->GetFocusedFrameIncludingInnerWebContents());
if (focused_frame)
return focused_frame->GetAXTreeID();
return ui::AXTreeIDUnknown();
}
ui::AXTreeData RenderFrameHostImpl::GetAXTreeData() {
// Make sure to update the locally stored |ax_tree_data_| to include
// references to the relevant AXTreeIDs before returning its value.
ax_tree_data_.tree_id = GetAXTreeID();
ax_tree_data_.parent_tree_id = GetParentAXTreeID();
ax_tree_data_.focused_tree_id = GetFocusedAXTreeID();
return ax_tree_data_;
}
void RenderFrameHostImpl::AccessibilityHitTestCallback(
int request_id,
ax::mojom::Event event_to_fire,
base::OnceCallback<void(BrowserAccessibilityManager* hit_manager,
int hit_node_id)> opt_callback,
mojom::HitTestResponsePtr hit_test_response) {
if (!hit_test_response) {
if (opt_callback)
std::move(opt_callback).Run(nullptr, 0);
return;
}
auto frame_or_proxy = LookupRenderFrameHostOrProxy(
GetProcess()->GetID(), hit_test_response->hit_frame_token);
RenderFrameHostImpl* hit_frame =
frame_or_proxy.proxy
? frame_or_proxy.proxy->frame_tree_node()->current_frame_host()
: frame_or_proxy.frame;
if (!hit_frame || hit_frame->IsInactiveAndDisallowReactivation()) {
if (opt_callback)
std::move(opt_callback).Run(nullptr, 0);
return;
}
// If the hit node's routing ID is the same frame, we're done. If a
// callback was provided, call it with the information about the hit node.
if (hit_frame->GetFrameToken() == frame_token_) {
if (opt_callback) {
std::move(opt_callback)
.Run(hit_frame->browser_accessibility_manager(),
hit_test_response->hit_node_id);
}
return;
}
// The hit node has a child frame. Do a hit test in that frame's renderer.
hit_frame->AccessibilityHitTest(
hit_test_response->hit_frame_transformed_point, event_to_fire, request_id,
std::move(opt_callback));
}
void RenderFrameHostImpl::RequestAXTreeSnapshotCallback(
AXTreeSnapshotCallback callback,
const ui::AXTreeUpdate& snapshot) {
ui::AXTreeUpdate dst_snapshot;
dst_snapshot.root_id = snapshot.root_id;
dst_snapshot.nodes.resize(snapshot.nodes.size());
for (size_t i = 0; i < snapshot.nodes.size(); ++i)
dst_snapshot.nodes[i] = snapshot.nodes[i];
if (snapshot.has_tree_data) {
ax_tree_data_ = snapshot.tree_data;
dst_snapshot.tree_data = GetAXTreeData();
dst_snapshot.has_tree_data = true;
}
std::move(callback).Run(dst_snapshot);
}
void RenderFrameHostImpl::CreatePaymentManager(
mojo::PendingReceiver<payments::mojom::PaymentManager> receiver) {
if (!IsFeatureEnabled(blink::mojom::FeaturePolicyFeature::kPayment)) {
mojo::ReportBadMessage("Feature policy blocks Payment");
return;
}
GetProcess()->CreatePaymentManagerForOrigin(GetLastCommittedOrigin(),
std::move(receiver));
// Blocklist PaymentManager from the back-forward cache as at the moment we
// don't cancel pending payment requests when the RenderFrameHost is stored
// in back-forward cache.
OnSchedulerTrackedFeatureUsed(
blink::scheduler::WebSchedulerTrackedFeature::kPaymentManager);
}
void RenderFrameHostImpl::CreateWebBluetoothService(
mojo::PendingReceiver<blink::mojom::WebBluetoothService> receiver) {
BackForwardCache::DisableForRenderFrameHost(this, "WebBluetooth");
// RFHI owns |web_bluetooth_services_| and |web_bluetooth_service| owns the
// |receiver_| which may run the error handler. |receiver_| can't run the
// error handler after it's destroyed so it can't run after the RFHI is
// destroyed.
auto web_bluetooth_service =
std::make_unique<WebBluetoothServiceImpl>(this, std::move(receiver));
web_bluetooth_service->SetClientConnectionErrorHandler(
base::BindOnce(&RenderFrameHostImpl::DeleteWebBluetoothService,
base::Unretained(this), web_bluetooth_service.get()));
web_bluetooth_services_.push_back(std::move(web_bluetooth_service));
}
WebBluetoothServiceImpl*
RenderFrameHostImpl::GetWebBluetoothServiceForTesting() {
DCHECK(web_bluetooth_services_.back());
return web_bluetooth_services_.back().get();
}
void RenderFrameHostImpl::DeleteWebBluetoothService(
WebBluetoothServiceImpl* web_bluetooth_service) {
auto it = std::find_if(
web_bluetooth_services_.begin(), web_bluetooth_services_.end(),
[web_bluetooth_service](
const std::unique_ptr<WebBluetoothServiceImpl>& service) {
return web_bluetooth_service == service.get();
});
DCHECK(it != web_bluetooth_services_.end());
web_bluetooth_services_.erase(it);
}
void RenderFrameHostImpl::CreateWebUsbService(
mojo::PendingReceiver<blink::mojom::WebUsbService> receiver) {
BackForwardCache::DisableForRenderFrameHost(this, "WebUSB");
GetContentClient()->browser()->CreateWebUsbService(this, std::move(receiver));
}
void RenderFrameHostImpl::ResetFeaturePolicy() {
RenderFrameHostImpl* parent_frame_host = GetParent();
if (!parent_frame_host && !frame_tree_node_->current_replication_state()
.opener_feature_state.empty()) {
DCHECK(base::FeatureList::IsEnabled(features::kFeaturePolicyForSandbox));
feature_policy_ = blink::FeaturePolicy::CreateWithOpenerPolicy(
frame_tree_node_->current_replication_state().opener_feature_state,
last_committed_origin_);
return;
}
const blink::FeaturePolicy* parent_policy =
parent_frame_host ? parent_frame_host->feature_policy() : nullptr;
blink::ParsedFeaturePolicy container_policy =
frame_tree_node()->effective_frame_policy().container_policy;
feature_policy_ = blink::FeaturePolicy::CreateFromParentPolicy(
parent_policy, container_policy, last_committed_origin_);
}
void RenderFrameHostImpl::CreateAudioInputStreamFactory(
mojo::PendingReceiver<blink::mojom::RendererAudioInputStreamFactory>
receiver) {
BrowserMainLoop* browser_main_loop = BrowserMainLoop::GetInstance();
DCHECK(browser_main_loop);
MediaStreamManager* msm = browser_main_loop->media_stream_manager();
audio_service_audio_input_stream_factory_.emplace(std::move(receiver), msm,
this);
}
void RenderFrameHostImpl::CreateAudioOutputStreamFactory(
mojo::PendingReceiver<blink::mojom::RendererAudioOutputStreamFactory>
receiver) {
media::AudioSystem* audio_system =
BrowserMainLoop::GetInstance()->audio_system();
MediaStreamManager* media_stream_manager =
BrowserMainLoop::GetInstance()->media_stream_manager();
audio_service_audio_output_stream_factory_.emplace(
this, audio_system, media_stream_manager, std::move(receiver));
}
void RenderFrameHostImpl::GetFeatureObserver(
mojo::PendingReceiver<blink::mojom::FeatureObserver> receiver) {
if (!feature_observer_) {
// Lazy initialize because tests sets the overridden content client
// after the RFHI constructor.
auto* client = GetContentClient()->browser()->GetFeatureObserverClient();
if (!client)
return;
feature_observer_ = std::make_unique<FeatureObserver>(
client, GlobalFrameRoutingId(GetProcess()->GetID(), routing_id_));
}
feature_observer_->GetFeatureObserver(std::move(receiver));
}
void RenderFrameHostImpl::BindScreenEnumerationReceiver(
mojo::PendingReceiver<blink::mojom::ScreenEnumeration> receiver) {
if (!screen_enumeration_impl_)
screen_enumeration_impl_ = std::make_unique<ScreenEnumerationImpl>(this);
screen_enumeration_impl_->Bind(std::move(receiver));
}
void RenderFrameHostImpl::BindMediaInterfaceFactoryReceiver(
mojo::PendingReceiver<media::mojom::InterfaceFactory> receiver) {
if (!media_interface_proxy_) {
media_interface_proxy_ = std::make_unique<MediaInterfaceProxy>(this);
}
media_interface_proxy_->Bind(std::move(receiver));
}
void RenderFrameHostImpl::BindMediaMetricsProviderReceiver(
mojo::PendingReceiver<media::mojom::MediaMetricsProvider> receiver) {
// Only save decode stats when BrowserContext provides a VideoPerfHistory.
// Off-the-record contexts will internally use an ephemeral history DB.
media::VideoDecodePerfHistory::SaveCallback save_stats_cb;
if (GetSiteInstance()->GetBrowserContext()->GetVideoDecodePerfHistory()) {
save_stats_cb = GetSiteInstance()
->GetBrowserContext()
->GetVideoDecodePerfHistory()
->GetSaveCallback();
}
media::MediaMetricsProvider::Create(
GetProcess()->GetBrowserContext()->IsOffTheRecord()
? media::MediaMetricsProvider::BrowsingMode::kIncognito
: media::MediaMetricsProvider::BrowsingMode::kNormal,
frame_tree_node_->IsMainFrame()
? media::MediaMetricsProvider::FrameStatus::kTopFrame
: media::MediaMetricsProvider::FrameStatus::kNotTopFrame,
base::BindRepeating(
&RenderFrameHostDelegate::
GetUkmSourceIdForLastCommittedSourceIncludingSameDocument,
// This callback is only executed when Create() is called, during
// which the lifetime of the |delegate_| is guaranteed.
base::Unretained(delegate_)),
base::BindRepeating(
[](RenderFrameHostImpl* frame) {
return ::media::learning::FeatureValue(
frame->GetLastCommittedOrigin().host());
},
// Same as above.
base::Unretained(this)),
std::move(save_stats_cb),
base::BindRepeating(
[](base::WeakPtr<RenderFrameHostImpl> frame)
-> media::learning::LearningSession* {
if (!base::FeatureList::IsEnabled(media::kMediaLearningFramework) ||
!frame) {
return nullptr;
}
return frame->GetProcess()
->GetBrowserContext()
->GetLearningSession();
},
weak_ptr_factory_.GetWeakPtr()),
base::BindRepeating(
&RenderFrameHostImpl::GetRecordAggregateWatchTimeCallback,
base::Unretained(this)),
std::move(receiver));
}
#if BUILDFLAG(ENABLE_MEDIA_REMOTING)
void RenderFrameHostImpl::BindMediaRemoterFactoryReceiver(
mojo::PendingReceiver<media::mojom::RemoterFactory> receiver) {
mojo::MakeSelfOwnedReceiver(
std::make_unique<RemoterFactoryImpl>(GetProcess()->GetID(), routing_id_),
std::move(receiver));
}
#endif
void RenderFrameHostImpl::CreateWebSocketConnector(
mojo::PendingReceiver<blink::mojom::WebSocketConnector> receiver) {
mojo::MakeSelfOwnedReceiver(std::make_unique<WebSocketConnectorImpl>(
GetProcess()->GetID(), routing_id_,
last_committed_origin_, isolation_info_),
std::move(receiver));
}
void RenderFrameHostImpl::CreateQuicTransportConnector(
mojo::PendingReceiver<blink::mojom::QuicTransportConnector> receiver) {
mojo::MakeSelfOwnedReceiver(
std::make_unique<QuicTransportConnectorImpl>(
GetProcess()->GetID(), weak_ptr_factory_.GetWeakPtr(),
last_committed_origin_, isolation_info_.network_isolation_key()),
std::move(receiver));
}
void RenderFrameHostImpl::CreateNotificationService(
mojo::PendingReceiver<blink::mojom::NotificationService> receiver) {
GetProcess()->CreateNotificationService(GetLastCommittedOrigin(),
std::move(receiver));
}
void RenderFrameHostImpl::CreateInstalledAppProvider(
mojo::PendingReceiver<blink::mojom::InstalledAppProvider> receiver) {
InstalledAppProviderImpl::Create(this, std::move(receiver));
}
void RenderFrameHostImpl::CreateDedicatedWorkerHostFactory(
mojo::PendingReceiver<blink::mojom::DedicatedWorkerHostFactory> receiver) {
// Allocate the worker in the same process as the creator.
int worker_process_id = GetProcess()->GetID();
mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter>
coep_reporter;
auto coep_reporter_endpoint = coep_reporter.InitWithNewPipeAndPassReceiver();
if (coep_reporter_)
coep_reporter_->Clone(std::move(coep_reporter_endpoint));
// When a dedicated worker is created from the frame script, the frame is both
// the creator and the ancestor.
mojo::MakeSelfOwnedReceiver(
std::make_unique<DedicatedWorkerHostFactoryImpl>(
worker_process_id,
/*creator_render_frame_host_id=*/GetGlobalFrameRoutingId(),
/*ancestor_render_frame_host_id=*/GetGlobalFrameRoutingId(),
last_committed_origin_, cross_origin_embedder_policy_,
std::move(coep_reporter)),
std::move(receiver));
}
#if defined(OS_ANDROID)
void RenderFrameHostImpl::BindNFCReceiver(
mojo::PendingReceiver<device::mojom::NFC> receiver) {
delegate_->GetNFC(this, std::move(receiver));
}
#endif
#if !defined(OS_ANDROID)
void RenderFrameHostImpl::BindSerialService(
mojo::PendingReceiver<blink::mojom::SerialService> receiver) {
if (!IsFeatureEnabled(blink::mojom::FeaturePolicyFeature::kSerial)) {
mojo::ReportBadMessage("Feature policy blocks access to Serial.");
return;
}
SerialService::GetOrCreateForCurrentDocument(this)->Bind(std::move(receiver));
}
void RenderFrameHostImpl::BindAuthenticatorReceiver(
mojo::PendingReceiver<blink::mojom::Authenticator> receiver) {
if (!authenticator_impl_)
authenticator_impl_ = std::make_unique<AuthenticatorImpl>(this);
authenticator_impl_->Bind(std::move(receiver));
}
void RenderFrameHostImpl::GetHidService(
mojo::PendingReceiver<blink::mojom::HidService> receiver) {
HidService::Create(this, std::move(receiver));
}
#endif
IdleManager* RenderFrameHostImpl::GetIdleManager() {
return idle_manager_.get();
}
void RenderFrameHostImpl::BindIdleManager(
mojo::PendingReceiver<blink::mojom::IdleManager> receiver) {
if (!IsFeatureEnabled(blink::mojom::FeaturePolicyFeature::kIdleDetection)) {
mojo::ReportBadMessage("Feature policy blocks access to IdleDetection.");
return;
}
idle_manager_->CreateService(std::move(receiver),
GetMainFrame()->GetLastCommittedOrigin());
OnSchedulerTrackedFeatureUsed(
blink::scheduler::WebSchedulerTrackedFeature::kIdleManager);
}
void RenderFrameHostImpl::GetPresentationService(
mojo::PendingReceiver<blink::mojom::PresentationService> receiver) {
if (!presentation_service_)
presentation_service_ = PresentationServiceImpl::Create(this);
presentation_service_->Bind(std::move(receiver));
}
PresentationServiceImpl&
RenderFrameHostImpl::GetPresentationServiceForTesting() {
DCHECK(presentation_service_);
return *presentation_service_.get();
}
void RenderFrameHostImpl::GetSpeechSynthesis(
mojo::PendingReceiver<blink::mojom::SpeechSynthesis> receiver) {
if (!speech_synthesis_impl_) {
speech_synthesis_impl_ = std::make_unique<SpeechSynthesisImpl>(
GetProcess()->GetBrowserContext(), delegate_->GetAsWebContents());
}
speech_synthesis_impl_->AddReceiver(std::move(receiver));
// Blocklist SpeechSynthesis for BackForwardCache, because currently we do not
// handle speech synthesis after placing the page in BackForwardCache.
// TODO(sreejakshetty): Make SpeechSynthesis compatible with BackForwardCache.
OnSchedulerTrackedFeatureUsed(
blink::scheduler::WebSchedulerTrackedFeature::kSpeechSynthesis);
}
void RenderFrameHostImpl::GetSensorProvider(
mojo::PendingReceiver<device::mojom::SensorProvider> receiver) {
if (!sensor_provider_proxy_) {
sensor_provider_proxy_ = std::make_unique<SensorProviderProxyImpl>(
PermissionControllerImpl::FromBrowserContext(
GetProcess()->GetBrowserContext()),
this);
}
sensor_provider_proxy_->Bind(std::move(receiver));
}
void RenderFrameHostImpl::BindCacheStorage(
mojo::PendingReceiver<blink::mojom::CacheStorage> receiver) {
mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter>
coep_reporter_remote;
if (coep_reporter_) {
coep_reporter_->Clone(
coep_reporter_remote.InitWithNewPipeAndPassReceiver());
}
GetProcess()->BindCacheStorage(cross_origin_embedder_policy_,
std::move(coep_reporter_remote),
GetLastCommittedOrigin(), std::move(receiver));
}
void RenderFrameHostImpl::BindInputInjectorReceiver(
mojo::PendingReceiver<mojom::InputInjector> receiver) {
InputInjectorImpl::Create(weak_ptr_factory_.GetWeakPtr(),
std::move(receiver));
}
void RenderFrameHostImpl::BindSmsReceiverReceiver(
mojo::PendingReceiver<blink::mojom::SmsReceiver> receiver) {
if (GetParent() && !GetMainFrame()->GetLastCommittedOrigin().IsSameOriginWith(
GetLastCommittedOrigin())) {
mojo::ReportBadMessage("Must have the same origin as the top-level frame.");
return;
}
auto* fetcher = SmsFetcher::Get(GetProcess()->GetBrowserContext());
SmsService::Create(fetcher, this, std::move(receiver));
document_used_web_otp_ = true;
}
void RenderFrameHostImpl::BindRestrictedCookieManager(
mojo::PendingReceiver<network::mojom::RestrictedCookieManager> receiver) {
static_cast<StoragePartitionImpl*>(GetProcess()->GetStoragePartition())
->CreateRestrictedCookieManager(
network::mojom::RestrictedCookieManagerRole::SCRIPT,
GetLastCommittedOrigin(), isolation_info_.site_for_cookies(),
ComputeTopFrameOrigin(GetLastCommittedOrigin()),
/* is_service_worker = */ false, GetProcess()->GetID(), routing_id(),
std::move(receiver), CreateCookieAccessObserver());
}
void RenderFrameHostImpl::BindHasTrustTokensAnswerer(
mojo::PendingReceiver<network::mojom::HasTrustTokensAnswerer> receiver) {
auto top_frame_origin = ComputeTopFrameOrigin(GetLastCommittedOrigin());
// A check at the callsite in the renderer ensures a correctly functioning
// renderer will only request this Mojo handle if the top-frame origin is
// potentially trustworthy and has scheme HTTP or HTTPS.
if ((top_frame_origin.scheme() != url::kHttpScheme &&
top_frame_origin.scheme() != url::kHttpsScheme) ||
!network::IsOriginPotentiallyTrustworthy(top_frame_origin)) {
mojo::ReportBadMessage(
"Attempted to get a HasTrustTokensAnswerer for a non-trustworthy or "
"non-HTTP/HTTPS top-frame origin.");
return;
}
// This is enforced in benign renderers by the [SecureContext] IDL
// attribute on Document::hasTrustToken.
if (!network::IsOriginPotentiallyTrustworthy(GetLastCommittedOrigin())) {
mojo::ReportBadMessage(
"Attempted to get a HasTrustTokensAnswerer from an insecure context.");
return;
}
// This is enforced in benign renderers by the RuntimeEnabled=TrustTokens IDL
// attribute (the base::Feature's value is tied to the
// RuntimeEnabledFeature's).
if (!base::FeatureList::IsEnabled(network::features::kTrustTokens)) {
mojo::ReportBadMessage(
"Attempted to get a HasTrustTokensAnswerer with Trust Tokens "
"disabled.");
return;
}
GetProcess()->GetStoragePartition()->CreateHasTrustTokensAnswerer(
std::move(receiver), ComputeTopFrameOrigin(GetLastCommittedOrigin()));
}
void RenderFrameHostImpl::GetInterface(
const std::string& interface_name,
mojo::ScopedMessagePipeHandle interface_pipe) {
// Requests are serviced on |document_scoped_interface_provider_receiver_|. It
// is therefore safe to assume that every incoming interface request is coming
// from the currently active document in the corresponding RenderFrame.
// NOTE: this way of acquiring interfaces has been replaced with
// BrowserInterfaceBroker (see https://crbug.com/718652). The code below is
// left to support the CastWebContentsImpl use case.
delegate_->OnInterfaceRequest(this, interface_name, &interface_pipe);
}
void RenderFrameHostImpl::CreateAppCacheBackend(
mojo::PendingReceiver<blink::mojom::AppCacheBackend> receiver) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
DCHECK(StoragePartition::IsAppCacheEnabled());
static auto* crash_key = base::debug::AllocateCrashKeyString(
"CreateAppCacheBackend-data", base::debug::CrashKeySize::Size64);
std::string data = base::StringPrintf(
"f=%d br=%d irfl=%d iiand=%d fid=%d", frame_.is_bound(),
broker_receiver_.is_bound(), IsRenderFrameLive(),
GetProcess()->IsInitializedAndNotDead(),
RenderProcessHost::FromID(GetProcess()->GetID()) != nullptr);
base::debug::ScopedCrashKeyString scoped_crash_key(crash_key, data);
auto* storage_partition_impl =
static_cast<StoragePartitionImpl*>(GetProcess()->GetStoragePartition());
auto* appcache_service = storage_partition_impl->GetAppCacheService();
// CreateAppCacheBackend should only be called if AppCache is enabled
// (which implies the service exists).
DCHECK(appcache_service);
appcache_service->CreateBackend(GetProcess()->GetID(), routing_id_,
std::move(receiver));
}
void RenderFrameHostImpl::GetAudioContextManager(
mojo::PendingReceiver<blink::mojom::AudioContextManager> receiver) {
AudioContextManagerImpl::Create(this, std::move(receiver));
}
void RenderFrameHostImpl::GetContactsManager(
mojo::PendingReceiver<blink::mojom::ContactsManager> receiver) {
ContactsManagerImpl::Create(this, std::move(receiver));
}
void RenderFrameHostImpl::GetFileSystemManager(
mojo::PendingReceiver<blink::mojom::FileSystemManager> receiver) {
// This is safe because file_system_manager_ is deleted on the IO thread
GetIOThreadTaskRunner({})->PostTask(
FROM_HERE, base::BindOnce(&FileSystemManagerImpl::BindReceiver,
base::Unretained(file_system_manager_.get()),
std::move(receiver)));
}
void RenderFrameHostImpl::GetGeolocationService(
mojo::PendingReceiver<blink::mojom::GeolocationService> receiver) {
if (!geolocation_service_) {
auto* geolocation_context = delegate_->GetGeolocationContext();
if (!geolocation_context)
return;
geolocation_service_ =
std::make_unique<GeolocationServiceImpl>(geolocation_context, this);
}
geolocation_service_->Bind(std::move(receiver));
}
void RenderFrameHostImpl::GetFontAccessManager(
mojo::PendingReceiver<blink::mojom::FontAccessManager> receiver) {
static_cast<StoragePartitionImpl*>(GetProcess()->GetStoragePartition())
->GetFontAccessManager()
->BindReceiver(FontAccessManagerImpl::BindingContext(
GetLastCommittedOrigin(), GetGlobalFrameRoutingId()),
std::move(receiver));
}
void RenderFrameHostImpl::GetNativeFileSystemManager(
mojo::PendingReceiver<blink::mojom::NativeFileSystemManager> receiver) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
auto* storage_partition =
static_cast<StoragePartitionImpl*>(GetProcess()->GetStoragePartition());
auto* manager = storage_partition->GetNativeFileSystemManager();
manager->BindReceiver(NativeFileSystemManagerImpl::BindingContext(
GetLastCommittedOrigin(), GetLastCommittedURL(),
GetGlobalFrameRoutingId()),
std::move(receiver));
}
void RenderFrameHostImpl::CreateLockManager(
mojo::PendingReceiver<blink::mojom::LockManager> receiver) {
GetProcess()->CreateLockManager(GetRoutingID(), GetLastCommittedOrigin(),
std::move(receiver));
}
void RenderFrameHostImpl::CreateIDBFactory(
mojo::PendingReceiver<blink::mojom::IDBFactory> receiver) {
GetProcess()->BindIndexedDB(GetLastCommittedOrigin(), std::move(receiver));
}
void RenderFrameHostImpl::CreatePermissionService(
mojo::PendingReceiver<blink::mojom::PermissionService> receiver) {
if (!permission_service_context_)
permission_service_context_ =
std::make_unique<PermissionServiceContext>(this);
permission_service_context_->CreateService(std::move(receiver));
}
void RenderFrameHostImpl::GetAuthenticator(
mojo::PendingReceiver<blink::mojom::Authenticator> receiver) {
#if !defined(OS_ANDROID)
if (base::FeatureList::IsEnabled(features::kWebAuth)) {
BindAuthenticatorReceiver(std::move(receiver));
}
#else
GetJavaInterfaces()->GetInterface(std::move(receiver));
#endif // !defined(OS_ANDROID)
}
void RenderFrameHostImpl::GetPushMessaging(
mojo::PendingReceiver<blink::mojom::PushMessaging> receiver) {
if (!push_messaging_manager_) {
push_messaging_manager_.reset(new PushMessagingManager(
GetProcess()->GetID(), routing_id_,
static_cast<StoragePartitionImpl*>(GetProcess()->GetStoragePartition())
->GetServiceWorkerContext()));
}
RunOrPostTaskOnThread(
FROM_HERE, ServiceWorkerContext::GetCoreThreadId(),
base::BindOnce(&PushMessagingManager::AddPushMessagingReceiver,
push_messaging_manager_->AsWeakPtr(),
std::move(receiver)));
}
void RenderFrameHostImpl::GetVirtualAuthenticatorManager(
mojo::PendingReceiver<blink::test::mojom::VirtualAuthenticatorManager>
receiver) {
#if !defined(OS_ANDROID)
if (base::FeatureList::IsEnabled(features::kWebAuth) &&
base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kEnableWebAuthDeprecatedMojoTestingApi)) {
auto* environment_singleton = AuthenticatorEnvironmentImpl::GetInstance();
environment_singleton->EnableVirtualAuthenticatorFor(frame_tree_node_);
environment_singleton->AddVirtualAuthenticatorReceiver(frame_tree_node_,
std::move(receiver));
}
#endif // !defined(OS_ANDROID)
}
std::unique_ptr<NavigationRequest>
RenderFrameHostImpl::CreateNavigationRequestForCommit(
const FrameHostMsg_DidCommitProvisionalLoad_Params& params,
bool is_same_document) {
std::unique_ptr<CrossOriginEmbedderPolicyReporter> coep_reporter;
// We don't switch the COEP reporter on same-document navigations, so create
// one only for cross-document navigations.
if (!is_same_document) {
coep_reporter = std::make_unique<CrossOriginEmbedderPolicyReporter>(
GetProcess()->GetStoragePartition(), params.url,
cross_origin_embedder_policy_.reporting_endpoint,
cross_origin_embedder_policy_.report_only_reporting_endpoint);
}
std::unique_ptr<WebBundleNavigationInfo> web_bundle_navigation_info;
if (is_same_document && web_bundle_handle_ &&
web_bundle_handle_->navigation_info()) {
// Need to set |web_bundle_navigation_info| of NavigationRequest. This
// will be passed to FrameNavigationEntry, and will be used for subsequent
// history navigations.
web_bundle_navigation_info = web_bundle_handle_->navigation_info()->Clone();
}
return NavigationRequest::CreateForCommit(
frame_tree_node_, this, params, std::move(coep_reporter),
is_same_document, std::move(web_bundle_navigation_info));
}
bool RenderFrameHostImpl::NavigationRequestWasIntendedForPendingEntry(
NavigationRequest* request,
const FrameHostMsg_DidCommitProvisionalLoad_Params& params,
bool same_document) {
NavigationEntryImpl* pending_entry = NavigationEntryImpl::FromNavigationEntry(
frame_tree()->controller()->GetPendingEntry());
if (!pending_entry)
return false;
if (request->nav_entry_id() != pending_entry->GetUniqueID())
return false;
if (!same_document) {
// Make sure that the pending entry was really loaded via
// LoadDataWithBaseURL and that it matches this handle.
// TODO(csharrison): The pending entry's base url should equal
// |params.base_url|. This is not the case for loads with invalid base urls.
if (request->common_params().url != params.base_url ||
pending_entry->GetBaseURLForDataURL().is_empty()) {
return false;
}
}
return true;
}
void RenderFrameHostImpl::BeforeUnloadTimeout() {
if (render_view_host_->GetDelegate()->ShouldIgnoreUnresponsiveRenderer())
return;
SimulateBeforeUnloadCompleted(true /* proceed */);
}
void RenderFrameHostImpl::SetLastCommittedSiteInfo(const GURL& url) {
SiteInfo site_info = url.is_empty()
? SiteInfo()
: SiteInstanceImpl::ComputeSiteInfo(
GetSiteInstance()->GetIsolationContext(), url);
if (last_committed_site_info_ == site_info)
return;
if (!last_committed_site_info_.site_url().is_empty()) {
RenderProcessHostImpl::RemoveFrameWithSite(
frame_tree()->controller()->GetBrowserContext(), GetProcess(),
last_committed_site_info_);
}
last_committed_site_info_ = site_info;
if (!last_committed_site_info_.site_url().is_empty()) {
RenderProcessHostImpl::AddFrameWithSite(
frame_tree()->controller()->GetBrowserContext(), GetProcess(),
last_committed_site_info_);
}
}
#if defined(OS_ANDROID)
class RenderFrameHostImpl::JavaInterfaceProvider
: public service_manager::mojom::InterfaceProvider {
public:
using BindCallback =
base::RepeatingCallback<void(const std::string&,
mojo::ScopedMessagePipeHandle)>;
JavaInterfaceProvider(
const BindCallback& bind_callback,
mojo::PendingReceiver<service_manager::mojom::InterfaceProvider> receiver)
: bind_callback_(bind_callback), receiver_(this, std::move(receiver)) {}
~JavaInterfaceProvider() override = default;
private:
// service_manager::mojom::InterfaceProvider:
void GetInterface(const std::string& interface_name,
mojo::ScopedMessagePipeHandle handle) override {
bind_callback_.Run(interface_name, std::move(handle));
}
const BindCallback bind_callback_;
mojo::Receiver<service_manager::mojom::InterfaceProvider> receiver_;
DISALLOW_COPY_AND_ASSIGN(JavaInterfaceProvider);
};
base::android::ScopedJavaLocalRef<jobject>
RenderFrameHostImpl::GetJavaRenderFrameHost() {
RenderFrameHostAndroid* render_frame_host_android =
static_cast<RenderFrameHostAndroid*>(
GetUserData(kRenderFrameHostAndroidKey));
if (!render_frame_host_android) {
mojo::PendingRemote<service_manager::mojom::InterfaceProvider>
interface_provider_remote;
java_interface_registry_ = std::make_unique<JavaInterfaceProvider>(
base::BindRepeating(
&RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame,
weak_ptr_factory_.GetWeakPtr()),
interface_provider_remote.InitWithNewPipeAndPassReceiver());
render_frame_host_android =
new RenderFrameHostAndroid(this, std::move(interface_provider_remote));
SetUserData(kRenderFrameHostAndroidKey,
base::WrapUnique(render_frame_host_android));
}
return render_frame_host_android->GetJavaObject();
}
service_manager::InterfaceProvider* RenderFrameHostImpl::GetJavaInterfaces() {
if (!java_interfaces_) {
mojo::PendingRemote<service_manager::mojom::InterfaceProvider> provider;
BindInterfaceRegistryForRenderFrameHost(
provider.InitWithNewPipeAndPassReceiver(), this);
java_interfaces_.reset(new service_manager::InterfaceProvider);
java_interfaces_->Bind(std::move(provider));
}
return java_interfaces_.get();
}
void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame(
const std::string& interface_name,
mojo::ScopedMessagePipeHandle pipe) {
GetRemoteInterfaces()->GetInterfaceByName(interface_name, std::move(pipe));
}
#endif
void RenderFrameHostImpl::ForEachImmediateLocalRoot(
const base::RepeatingCallback<void(RenderFrameHostImpl*)>& callback) {
if (!frame_tree_node_->child_count())
return;
base::queue<FrameTreeNode*> queue;
for (size_t index = 0; index < frame_tree_node_->child_count(); ++index)
queue.push(frame_tree_node_->child_at(index));
while (queue.size()) {
FrameTreeNode* current = queue.front();
queue.pop();
if (current->current_frame_host()->is_local_root()) {
callback.Run(current->current_frame_host());
} else {
for (size_t index = 0; index < current->child_count(); ++index)
queue.push(current->child_at(index));
}
}
}
void RenderFrameHostImpl::SetVisibilityForChildViews(bool visible) {
ForEachImmediateLocalRoot(base::BindRepeating(
[](bool is_visible, RenderFrameHostImpl* frame_host) {
if (auto* view = frame_host->GetView())
return is_visible ? view->Show() : view->Hide();
},
visible));
}
mojom::FrameNavigationControl* RenderFrameHostImpl::GetNavigationControl() {
if (!navigation_control_)
GetRemoteAssociatedInterfaces()->GetInterface(&navigation_control_);
return navigation_control_.get();
}
bool RenderFrameHostImpl::ShouldBypassSecurityChecksForErrorPage(
NavigationRequest* navigation_request,
bool* should_commit_unreachable_url) {
if (should_commit_unreachable_url)
*should_commit_unreachable_url = false;
if (SiteIsolationPolicy::IsErrorPageIsolationEnabled(is_main_frame())) {
if (GetSiteInstance()->GetSiteInfo() == SiteInfo::CreateForErrorPage()) {
if (should_commit_unreachable_url)
*should_commit_unreachable_url = true;
// With error page isolation, any URL can commit in an error page process.
return true;
}
} else {
// Without error page isolation, a blocked navigation is expected to
// commit in the old renderer process. This may be true for subframe
// navigations even when error page isolation is enabled for main frames.
if (navigation_request &&
net::IsRequestBlockedError(navigation_request->GetNetErrorCode())) {
return true;
}
}
return false;
}
void RenderFrameHostImpl::SetAudioOutputDeviceIdForGlobalMediaControls(
std::string hashed_device_id) {
audio_service_audio_output_stream_factory_
->SetAuthorizedDeviceIdForGlobalMediaControls(
std::move(hashed_device_id));
}
std::unique_ptr<mojo::MessageFilter>
RenderFrameHostImpl::CreateMessageFilterForAssociatedReceiver(
const char* interface_name) {
return CreateMessageFilterForAssociatedReceiverImpl(
this, interface_name,
BackForwardCacheImpl::GetChannelAssociatedMessageHandlingPolicy());
}
bool RenderFrameHostImpl::IsNavigationSameSite(const GURL& dest_url) {
return GetSiteInstance()->IsNavigationSameSite(
last_successful_url(), GetLastCommittedOrigin(),
frame_tree_node()->IsMainFrame(), dest_url);
}
bool RenderFrameHostImpl::ValidateDidCommitParams(
NavigationRequest* navigation_request,
FrameHostMsg_DidCommitProvisionalLoad_Params* params,
bool is_same_document_navigation) {
RenderProcessHost* process = GetProcess();
// Error pages may sometimes commit a URL in the wrong process, which requires
// an exception for the CanCommitOriginAndUrl() checks. This is ok as long
// as the origin is opaque.
bool should_commit_unreachable_url = false;
bool bypass_checks_for_error_page = ShouldBypassSecurityChecksForErrorPage(
navigation_request, &should_commit_unreachable_url);
// Commits in the error page process must only be failures, otherwise
// successful navigations could commit documents from origins different
// than the chrome-error://chromewebdata/ one and violate expectations.
if (should_commit_unreachable_url && !params->url_is_unreachable) {
DEBUG_ALIAS_FOR_ORIGIN(origin_debug_alias, params->origin);
bad_message::ReceivedBadMessage(
process, bad_message::RFH_ERROR_PROCESS_NON_ERROR_COMMIT);
return false;
}
// Error pages must commit in a opaque origin. Terminate the renderer
// process if this is violated.
if (bypass_checks_for_error_page && !params->origin.opaque()) {
DEBUG_ALIAS_FOR_ORIGIN(origin_debug_alias, params->origin);
bad_message::ReceivedBadMessage(
process, bad_message::RFH_ERROR_PROCESS_NON_UNIQUE_ORIGIN_COMMIT);
return false;
}
// file: URLs can be allowed to access any other origin, based on settings.
bool bypass_checks_for_file_scheme = false;
if (params->origin.scheme() == url::kFileScheme) {
auto prefs = GetOrCreateWebPreferences();
if (prefs.allow_universal_access_from_file_urls)
bypass_checks_for_file_scheme = true;
}
// WebView's loadDataWithBaseURL API is allowed to bypass normal commit
// checks because it is allowed to commit anything into its unlocked process
// and its data: URL and non-opaque origin would fail the normal commit
// checks.
bool bypass_checks_for_webview = false;
if ((navigation_request && NavigationRequest::IsLoadDataWithBaseURL(
navigation_request->common_params())) ||
(is_same_document_navigation && IsLoadDataWithBaseURL(*params))) {
// Allow bypass if the process isn't locked. Otherwise run normal checks.
bypass_checks_for_webview = ChildProcessSecurityPolicyImpl::GetInstance()
->GetProcessLock(process->GetID())
.is_empty();
}
if (!bypass_checks_for_error_page && !bypass_checks_for_file_scheme &&
!bypass_checks_for_webview) {
// Attempts to commit certain off-limits URL should be caught more strictly
// than our FilterURL checks. If a renderer violates this policy, it
// should be killed.
switch (CanCommitOriginAndUrl(params->origin, params->url)) {
case CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL:
// The origin and URL are safe to commit.
break;
case CanCommitStatus::CANNOT_COMMIT_URL:
DLOG(ERROR) << "CANNOT_COMMIT_URL url '" << params->url << "'"
<< " origin '" << params->origin << "'"
<< " lock '"
<< ChildProcessSecurityPolicyImpl::GetInstance()
->GetProcessLock(process->GetID())
.ToString()
<< "'";
VLOG(1) << "Blocked URL " << params->url.spec();
LogCannotCommitUrlCrashKeys(params->url, is_same_document_navigation,
navigation_request);
// Kills the process.
bad_message::ReceivedBadMessage(
process, bad_message::RFH_CAN_COMMIT_URL_BLOCKED);
return false;
case CanCommitStatus::CANNOT_COMMIT_ORIGIN:
DLOG(ERROR) << "CANNOT_COMMIT_ORIGIN url '" << params->url << "'"
<< " origin '" << params->origin << "'"
<< " lock '"
<< ChildProcessSecurityPolicyImpl::GetInstance()
->GetProcessLock(process->GetID())
.ToString()
<< "'";
DEBUG_ALIAS_FOR_ORIGIN(origin_debug_alias, params->origin);
LogCannotCommitOriginCrashKeys(is_same_document_navigation,
navigation_request);
// Kills the process.
bad_message::ReceivedBadMessage(
process, bad_message::RFH_INVALID_ORIGIN_ON_COMMIT);
return false;
}
}
// Without this check, an evil renderer can trick the browser into creating
// a navigation entry for a banned URL. If the user clicks the back button
// followed by the forward button (or clicks reload, or round-trips through
// session restore, etc), we'll think that the browser commanded the
// renderer to load the URL and grant the renderer the privileges to request
// the URL. To prevent this attack, we block the renderer from inserting
// banned URLs into the navigation controller in the first place.
process->FilterURL(false, &params->url);
process->FilterURL(true, &params->referrer.url);
for (auto& redirect : params->redirects) {
process->FilterURL(false, &redirect);
}
// Without this check, the renderer can trick the browser into using
// filenames it can't access in a future session restore.
if (!CanAccessFilesOfPageState(params->page_state)) {
bad_message::ReceivedBadMessage(
process, bad_message::RFH_CAN_ACCESS_FILES_OF_PAGE_STATE);
return false;
}
// A cross-document navigation requires an embedding token. Navigations
// served from the back-forward cache do not require new embedding tokens as
// the token is already set.
bool is_served_from_bfcache =
navigation_request && navigation_request->IsServedFromBackForwardCache();
if (!is_served_from_bfcache) {
if (!is_same_document_navigation && !params->embedding_token.has_value()) {
bad_message::ReceivedBadMessage(process,
bad_message::RFH_MISSING_EMBEDDING_TOKEN);
return false;
} else if (is_same_document_navigation &&
params->embedding_token.has_value()) {
bad_message::ReceivedBadMessage(
process, bad_message::RFH_UNEXPECTED_EMBEDDING_TOKEN);
return false;
}
}
return true;
}
void RenderFrameHostImpl::UpdateSiteURL(const GURL& url,
bool url_is_unreachable) {
if (url_is_unreachable) {
SetLastCommittedSiteInfo(GURL());
} else {
SetLastCommittedSiteInfo(url);
}
}
bool RenderFrameHostImpl::DidCommitNavigationInternal(
std::unique_ptr<NavigationRequest> navigation_request,
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params> params,
bool is_same_document_navigation) {
// Sanity-check the page transition for frame type.
DCHECK_EQ(ui::PageTransitionIsMainFrame(params->transition), !GetParent());
// Check that the committing navigation token matches the navigation request.
if (navigation_request &&
navigation_request->commit_params().navigation_token !=
params->navigation_token) {
navigation_request.reset();
}
if (!navigation_request) {
// A matching NavigationRequest should have been found, unless in a few very
// specific cases. Check if this is one of those cases.
bool is_commit_allowed_to_proceed = false;
// 1) This was a renderer-initiated navigation to an empty document. Most
// of the time: about:blank.
is_commit_allowed_to_proceed |= params->url.SchemeIs(url::kAboutScheme) &&
params->url != GURL(url::kAboutSrcdocURL);
// 2) This was a same-document navigation.
// TODO(clamy): We should enforce having a request on browser-initiated
// same-document navigations.
is_commit_allowed_to_proceed |= is_same_document_navigation;
// 3) Error pages implementations in Chrome can commit twice.
// TODO(clamy): Fix this.
is_commit_allowed_to_proceed |= params->url_is_unreachable;
// 4) Special case for DOMSerializerBrowsertests which are implemented
// entirely renderer-side and unlike normal RenderView based tests load
// file URLs instead of data URLs.
// TODO(clamy): Rework the tests to remove this exception.
is_commit_allowed_to_proceed |= params->url.SchemeIsFile();
if (!is_commit_allowed_to_proceed) {
bad_message::ReceivedBadMessage(
GetProcess(),
bad_message::RFH_NO_MATCHING_NAVIGATION_REQUEST_ON_COMMIT);
return false;
}
}
if (!ValidateDidCommitParams(navigation_request.get(), params.get(),
is_same_document_navigation)) {
return false;
}
// TODO(clamy): We should stop having a special case for same-document
// navigation and just put them in the general map of NavigationRequests.
if (navigation_request &&
navigation_request->common_params().url != params->url &&
is_same_document_navigation) {
same_document_navigation_request_ = std::move(navigation_request);
}
// Set is loading to true now if it has not been set yet. This happens for
// renderer-initiated same-document navigations. It can also happen when a
// racy DidStopLoading Mojo method resets the loading state that was set to
// true in CommitNavigation.
if (!is_loading()) {
bool was_loading = frame_tree()->IsLoading();
is_loading_ = true;
frame_tree_node()->DidStartLoading(!is_same_document_navigation,
was_loading);
}
if (navigation_request)
was_discarded_ = navigation_request->commit_params().was_discarded;
// If there is no valid NavigationRequest corresponding to this commit, create
// one in order to properly issue DidFinishNavigation calls to
// WebContentsObservers.
if (!navigation_request) {
navigation_request =
CreateNavigationRequestForCommit(*params, is_same_document_navigation);
}
DCHECK(navigation_request);
DCHECK(navigation_request->IsNavigationStarted());
// Update the page transition. For subframe navigations, the renderer process
// only gives the correct page transition at commit time.
// TODO(clamy): We should get the correct page transition when starting the
// request.
navigation_request->set_transition(params->transition);
navigation_request->set_has_user_gesture(params->gesture ==
NavigationGestureUser);
// TODO(arthursonzogni): Updating this flag for same-document or bfcache
// navigation might not be right. Should this be moved to
// DidCommitNewDocument()?
last_http_status_code_ = params->http_status_code;
// TODO(arthursonzogni): Updating this flag for same-document or bfcache
// navigation might not be right. Should this be moved to
// DidCommitNewDocument()?
last_http_method_ = params->method;
UpdateSiteURL(params->url, params->url_is_unreachable);
if (!is_same_document_navigation)
UpdateRenderProcessHostFramePriorities();
// TODO(arthursonzogni): Updating this flag for same-document or bfcache
// navigation might not be right. Should this be moved to
// DidCommitNewDocument()?
accessibility_reset_count_ = 0;
// TODO(arthursonzogni): Updating this flag for same-document or bfcache
// navigation isn't right. This should be moved to DidCommitNewDocument().
appcache_handle_ = navigation_request->TakeAppCacheHandle();
bool created_new_document =
!is_same_document_navigation &&
!navigation_request->IsServedFromBackForwardCache();
// TODO(crbug.com/936696): Remove this after we have RenderDocument.
// IsWaitingToCommit can be false inside DidCommitNavigationInternal only in
// specific circumstances listed above, and specifically for the fake
// initial navigations triggered by the blank window.open() and creating a
// blank iframe. In that case we do not want to reset the per-document
// states as we are not really creating a new Document and we want to
// preserve the states set by WebContentsCreated delegate notification
// (which among other things create tab helpers) or RenderFrameCreated.
bool navigated_to_new_document =
created_new_document && navigation_request->IsWaitingToCommit();
if (navigated_to_new_document) {
TRACE_EVENT1("content", "DidCommitProvisionalLoad_StateResetForNewDocument",
"render_frame_host", this);
if (navigation_request->IsInMainFrame()) {
render_view_host_->ResetPerPageState();
}
last_committed_cross_document_navigation_id_ =
navigation_request->GetNavigationId();
if (IsCurrent() && !committed_speculative_rfh_before_navigation_commit_) {
// Clear all the user data associated with the non speculative
// RenderFrameHost when the navigation is a cross-document navigation not
// served from the back-forward cache. Make sure the data doesn't get
// cleared for the cases when the RenderFrameHost commits before the
// navigation commits. This happens when the current RenderFrameHost
// crashes before navigating to a new URL.
document_associated_data_.ClearAllUserData();
}
// Continue observing the events for the committed navigation.
for (auto& receiver : navigation_request->TakeCookieObservers()) {
cookie_observers_.Add(this, std::move(receiver));
}
// Resets when navigating to a new document. This is needed because
// RenderFrameHost might be reused for a new document
document_used_web_otp_ = false;
}
// If we still have a PeakGpuMemoryTracker, then the loading it was observing
// never completed. Cancel it's callback so that we don't report partial
// loads to UMA.
if (loading_mem_tracker_)
loading_mem_tracker_->Cancel();
// Main Frames will create the tracker, which will be triggered after we
// receive DidStopLoading.
// TODO(arthursonzogni): Updating this flag for same-document or bfcache
// navigation isn't right. This should be moved to DidCommitNewDocument().
loading_mem_tracker_ = navigation_request->TakePeakGpuMemoryTracker();
frame_tree_node()->navigator().DidNavigate(this, *params,
std::move(navigation_request),
is_same_document_navigation);
// Reset back the state to false after navigation commits.
// TODO(https://crbug.com/1072817): Undo this plumbing after removing the
// early post-crash CommitPending() call.
committed_speculative_rfh_before_navigation_commit_ = false;
// TODO(arthursonzogni): Updating this flag for same-document or bfcache
// navigation doesn't seem right. This should likely be executed in
// DidCommitNewDocument().
if (IsBackForwardCacheEnabled()) {
// Store the Commit params so they can be reused if the page is ever
// restored from the BackForwardCache.
last_commit_params_ = std::move(params);
}
// TODO(arthursonzogni): Recording the metrics again for same-document or
// bfcache navigation is a no-op. They were already recorded when the document
// committed. This should be moved toward NewDocumentCreatedFromNavigation().
RecordCrossOriginIsolationMetrics(this);
// TODO(arthursonzogni): Calling this for same-document navigation doesn't
// hurt, but this is useless. This should be executed only once per new
// document. This should be moved to CommitNewDocumentFromNavigation().
CrossOriginOpenerPolicyReporter::InstallAccessMonitorsIfNeeded(
frame_tree_node_);
return true;
}
// TODO(arthursonzogni): Below, many NavigationRequest's objects are passed from
// the navigation to the new document. Consider grouping them in a single
// struct.
//
// TODO(arthursonzogni): Investigate what must be done when
// navigation_request->IsWaitingToCommit() is false here.
void RenderFrameHostImpl::DidCommitNewDocument(
const FrameHostMsg_DidCommitProvisionalLoad_Params& params,
NavigationRequest* navigation_request) {
// BackForwardCache navigations restore existing document, but never create
// new ones.
DCHECK(!navigation_request->IsServedFromBackForwardCache());
// After setting the last committed origin, reset the feature policy and
// sandbox flags in the RenderFrameHost to a blank policy based on the
// parent frame or opener frame.
ResetFeaturePolicy();
active_sandbox_flags_ = frame_tree_node()->active_sandbox_flags();
document_policy_ = blink::DocumentPolicy::CreateWithHeaderPolicy({});
// Since we're changing documents, we should reset the event handler
// trackers.
has_before_unload_handler_ = false;
has_unload_handler_ = false;
has_pagehide_handler_ = false;
has_visibilitychange_handler_ = false;
DCHECK(params.embedding_token.has_value());
SetEmbeddingToken(params.embedding_token.value());
renderer_reported_scheduler_tracked_features_ = 0;
browser_reported_scheduler_tracked_features_ = 0;
last_committed_client_security_state_ =
navigation_request->TakeClientSecurityState();
cross_origin_opener_policy_ =
navigation_request->coop_status().current_coop();
coop_reporter_ = navigation_request->coop_status().TakeCoopReporter();
virtual_browsing_context_group_ =
navigation_request->coop_status().virtual_browsing_context_group();
// Store the required CSP (it will be used by the AncestorThrottle if
// this frame embeds a subframe when that subframe navigates).
required_csp_ = navigation_request->TakeRequiredCSP();
// Keep track of the sandbox policy of the document that has just committed.
// It will be compared with the value computed from the renderer. The latter
// is expected to be received in DidSetFramePolicyHeaders(..).
active_sandbox_flags_control_ = navigation_request->SandboxFlagsToCommit();
coep_reporter_ = navigation_request->TakeCoepReporter();
if (coep_reporter_) {
mojo::PendingRemote<blink::mojom::ReportingObserver> remote;
mojo::PendingReceiver<blink::mojom::ReportingObserver> receiver =
remote.InitWithNewPipeAndPassReceiver();
coep_reporter_->BindObserver(std::move(remote));
// As some tests override the associated frame after commit, do not
// call GetAssociatedLocalFrame now.
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE,
base::BindOnce(&RenderFrameHostImpl::BindReportingObserver,
weak_ptr_factory_.GetWeakPtr(), std::move(receiver)));
}
// Set the state whether this navigation is to an MHTML document, since there
// are certain security checks that we cannot apply to subframes in MHTML
// documents. Do not trust renderer data when determining that, rather use
// the |navigation_request|, which was generated and stays browser side.
is_mhtml_document_ =
navigation_request->GetMimeType() == "multipart/related" ||
navigation_request->GetMimeType() == "message/rfc822";
}
void RenderFrameHostImpl::OnSameDocumentCommitProcessed(
int64_t navigation_id,
bool should_replace_current_entry,
blink::mojom::CommitResult result) {
// If the NavigationRequest was deleted, another navigation commit started to
// be processed. Let the latest commit go through and stop doing anything.
if (!same_document_navigation_request_ ||
same_document_navigation_request_->GetNavigationId() != navigation_id) {
return;
}
if (result == blink::mojom::CommitResult::RestartCrossDocument) {
// The navigation could not be committed as a same-document navigation.
// Restart the navigation cross-document.
frame_tree_node_->navigator().RestartNavigationAsCrossDocument(
std::move(same_document_navigation_request_));
}
if (result == blink::mojom::CommitResult::Aborted) {
// Note: if the commit was successful, navigation_request_ is reset in
// DidCommitProvisionalLoad.
same_document_navigation_request_.reset();
}
}
void RenderFrameHostImpl::OnCrossDocumentCommitProcessed(
NavigationRequest* navigation_request,
blink::mojom::CommitResult result) {
DCHECK_NE(blink::mojom::CommitResult::RestartCrossDocument, result);
if (result == blink::mojom::CommitResult::Ok) {
// The navigation will soon be committed. Move it out of the map to the
// NavigationRequest that is about to commit.
auto find_request = navigation_requests_.find(navigation_request);
if (find_request != navigation_requests_.end()) {
navigation_request_ = std::move(find_request->second);
} else {
// This frame might be used for attaching an inner WebContents in which
// case |navigation_requests_| are deleted during attaching.
// TODO(ekaramad): Add a DCHECK to ensure the FrameTreeNode is attaching
// an inner delegate (https://crbug.com/911161).
}
}
// Remove the requests from the list of NavigationRequests waiting to commit.
navigation_requests_.erase(navigation_request);
}
std::unique_ptr<base::trace_event::TracedValue>
RenderFrameHostImpl::CommitAsTracedValue(
FrameHostMsg_DidCommitProvisionalLoad_Params* params) const {
auto value = std::make_unique<base::trace_event::TracedValue>();
// TODO(nasko): Move the process lock into RenderProcessHost.
value->SetString(
"process lock",
ChildProcessSecurityPolicyImpl::GetInstance()
->GetProcessLock(agent_scheduling_group_.GetProcess()->GetID())
.ToString());
value->SetInteger("nav_entry_id", params->nav_entry_id);
value->SetInteger("item_sequence_number", params->item_sequence_number);
value->SetInteger("document_sequence_number",
params->document_sequence_number);
value->SetString("url", params->url.spec());
if (!params->base_url.is_empty()) {
value->SetString("base_url", params->base_url.possibly_invalid_spec());
}
value->SetInteger("transition", params->transition);
value->BeginDictionary("referrer");
value->SetString("url", params->referrer.url.spec());
value->SetInteger("policy", static_cast<int>(params->referrer.policy));
value->EndDictionary();
value->SetBoolean("should_update_history", params->should_update_history);
value->SetString("contents_mime_type", params->contents_mime_type);
value->SetBoolean("intended_as_new_entry", params->intended_as_new_entry);
value->SetBoolean("did_create_new_entry", params->did_create_new_entry);
value->SetBoolean("should_replace_current_entry",
params->should_replace_current_entry);
value->SetString("method", params->method);
value->SetInteger("post_id", params->post_id);
value->SetInteger("http_status_code", params->http_status_code);
value->SetBoolean("url_is_unreachable", params->url_is_unreachable);
value->SetString("original_request_url", params->original_request_url.spec());
value->SetBoolean("is_overriding_user_agent",
params->is_overriding_user_agent);
value->SetBoolean("history_list_was_cleared",
params->history_list_was_cleared);
value->SetString("origin", params->origin.GetDebugString());
value->SetBoolean("has_potentially_trustworthy_unique_origin",
params->has_potentially_trustworthy_unique_origin);
value->SetInteger("request_id", params->request_id);
value->SetString("navigation_token", params->navigation_token.ToString());
if (params->embedding_token)
value->SetString("embedding_token", params->embedding_token->ToString());
return value;
}
void RenderFrameHostImpl::MaybeGenerateCrashReport(
base::TerminationStatus status,
int exit_code) {
if (!last_committed_url_.SchemeIsHTTPOrHTTPS())
return;
// Only generate reports for local root frames.
if (!frame_tree_node_->IsMainFrame() && !IsCrossProcessSubframe())
return;
// Check the termination status to see if a crash occurred (and potentially
// determine the |reason| for the crash).
std::string reason;
switch (status) {
case base::TERMINATION_STATUS_ABNORMAL_TERMINATION:
break;
case base::TERMINATION_STATUS_PROCESS_CRASHED:
if (exit_code == RESULT_CODE_HUNG)
reason = "unresponsive";
break;
case base::TERMINATION_STATUS_PROCESS_WAS_KILLED:
if (exit_code == RESULT_CODE_HUNG)
reason = "unresponsive";
else
return;
break;
case base::TERMINATION_STATUS_OOM:
#if defined(OS_CHROMEOS)
case base::TERMINATION_STATUS_PROCESS_WAS_KILLED_BY_OOM:
#endif
#if defined(OS_ANDROID)
case base::TERMINATION_STATUS_OOM_PROTECTED:
#endif
reason = "oom";
break;
default:
// Other termination statuses do not indicate a crash.
return;
}
// Construct the crash report.
auto body = base::DictionaryValue();
if (!reason.empty())
body.SetString("reason", reason);
// Send the crash report to the Reporting API.
GetProcess()->GetStoragePartition()->GetNetworkContext()->QueueReport(
"crash" /* type */, "default" /* group */, last_committed_url_,
base::nullopt, std::move(body));
}
void RenderFrameHostImpl::SendCommitNavigation(
mojom::NavigationClient* navigation_client,
NavigationRequest* navigation_request,
mojom::CommonNavigationParamsPtr common_params,
mojom::CommitNavigationParamsPtr commit_params,
network::mojom::URLResponseHeadPtr response_head,
mojo::ScopedDataPipeConsumerHandle response_body,
network::mojom::URLLoaderClientEndpointsPtr url_loader_client_endpoints,
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
subresource_loader_factories,
base::Optional<std::vector<blink::mojom::TransferrableURLLoaderPtr>>
subresource_overrides,
blink::mojom::ControllerServiceWorkerInfoPtr controller,
blink::mojom::ServiceWorkerContainerInfoForClientPtr container_info,
mojo::PendingRemote<network::mojom::URLLoaderFactory>
prefetch_loader_factory,
const base::UnguessableToken& devtools_navigation_token) {
navigation_client->CommitNavigation(
std::move(common_params), std::move(commit_params),
std::move(response_head), std::move(response_body),
std::move(url_loader_client_endpoints),
std::move(subresource_loader_factories), std::move(subresource_overrides),
std::move(controller), std::move(container_info),
std::move(prefetch_loader_factory), devtools_navigation_token,
BuildCommitNavigationCallback(navigation_request));
}
void RenderFrameHostImpl::SendCommitFailedNavigation(
mojom::NavigationClient* navigation_client,
NavigationRequest* navigation_request,
mojom::CommonNavigationParamsPtr common_params,
mojom::CommitNavigationParamsPtr commit_params,
bool has_stale_copy_in_cache,
int32_t error_code,
const base::Optional<std::string>& error_page_content,
std::unique_ptr<blink::PendingURLLoaderFactoryBundle>
subresource_loader_factories) {
DCHECK(navigation_client && navigation_request);
navigation_client->CommitFailedNavigation(
std::move(common_params), std::move(commit_params),
has_stale_copy_in_cache, error_code,
navigation_request->GetResolveErrorInfo(), error_page_content,
std::move(subresource_loader_factories),
BuildCommitFailedNavigationCallback(navigation_request));
}
// Called when the renderer navigates. For every frame loaded, we'll get this
// notification containing parameters identifying the navigation.
void RenderFrameHostImpl::DidCommitNavigation(
std::unique_ptr<NavigationRequest> committing_navigation_request,
std::unique_ptr<FrameHostMsg_DidCommitProvisionalLoad_Params> params,
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params) {
// BackForwardCacheImpl::CanStoreRenderFrameHost prevents placing the pages
// with in-flight navigation requests in the back-forward cache and it's not
// possible to start/commit a new one after the RenderFrameHost is in the
// BackForwardCache (see the check IsInactiveAndDisallowReactivation in
// RFH::DidCommitSameDocumentNavigation() and RFH::BeginNavigation()) so it
// isn't possible to get a DidCommitNavigation IPC from the renderer in
// kInBackForwardCache state.
DCHECK(!IsInBackForwardCache());
NavigationRequest* request;
if (committing_navigation_request) {
request = committing_navigation_request.get();
} else {
request = navigation_request();
}
if (request && request->IsNavigationStarted()) {
main_frame_request_ids_ = {params->request_id,
request->GetGlobalRequestID()};
if (deferred_main_frame_load_info_)
ResourceLoadComplete(std::move(deferred_main_frame_load_info_));
}
// DidCommitProvisionalLoad IPC should be associated with the URL being
// committed (not with the *last* committed URL that most other IPCs are
// associated with).
ScopedActiveURL scoped_active_url(params->url,
frame_tree()->root()->current_origin());
ScopedCommitStateResetter commit_state_resetter(this);
RenderProcessHost* process = GetProcess();
TRACE_EVENT2("navigation", "RenderFrameHostImpl::DidCommitProvisionalLoad",
"rfh", base::trace_event::ToTracedValue(this), "params",
CommitAsTracedValue(params.get()));
// If we're waiting for a cross-site beforeunload completion callback from
// this renderer and we receive a Navigate message from the main frame, then
// the renderer was navigating already and sent it before hearing the
// blink::mojom::LocalFrame::StopLoading() message. Treat this as an implicit
// beforeunload completion callback to allow the pending navigation to
// continue.
if (is_waiting_for_beforeunload_completion_ &&
unload_ack_is_for_navigation_ && !GetParent()) {
base::TimeTicks approx_renderer_start_time = send_before_unload_start_time_;
ProcessBeforeUnloadCompleted(
true /* proceed */, true /* treat_as_final_completion_callback */,
approx_renderer_start_time, base::TimeTicks::Now());
}
// When a frame enters pending deletion, it waits for itself and its children
// to properly unload. Receiving DidCommitProvisionalLoad() here while the
// frame is not active means it comes from a navigation that reached the
// ReadyToCommit stage just before the frame entered pending deletion.
//
// We should ignore this message, because we have already committed to
// destroying this RenderFrameHost. Note that we intentionally do not ignore
// commits that happen while the current tab is being closed - see
// https://crbug.com/805705.
if (IsPendingDeletion())
return;
// Retroactive sanity check:
// - If this is the first real load committing in this frame, then by this
// time the RenderFrameHost's InterfaceProvider implementation should have
// already been bound to a message pipe whose client end is used to service
// interface requests from the initial empty document.
// - Otherwise, the InterfaceProvider implementation should at this point be
// bound to an interface connection servicing interface requests coming from
// the document of the previously committed navigation.
DCHECK(document_scoped_interface_provider_receiver_.is_bound());
if (interface_params) {
// As a general rule, expect the RenderFrame to have supplied the
// receiver end of a new InterfaceProvider connection that will be used by
// the new document to issue interface receivers to access RenderFrameHost
// services.
document_scoped_interface_provider_receiver_.reset();
BindInterfaceProviderReceiver(
std::move(interface_params->interface_provider_receiver));
if (broker_receiver_.is_bound()) {
auto broker_receiver_of_previous_document = broker_receiver_.Unbind();
dropped_interface_request_logger_ =
std::make_unique<DroppedInterfaceRequestLogger>(
std::move(broker_receiver_of_previous_document));
}
BindBrowserInterfaceBrokerReceiver(
std::move(interface_params->browser_interface_broker_receiver));
} else {
// If there had already been a real load committed in the frame, and this is
// not a same-document navigation, then both the active document as well as
// the global object was replaced in this browsing context. The RenderFrame
// should have rebound its InterfaceProvider to a new pipe, but failed to do
// so. Kill the renderer, and reset the old receiver to ensure that any
// pending interface requests originating from the previous document, hence
// possibly from a different security origin, will no longer be dispatched.
if (frame_tree_node_->has_committed_real_load()) {
document_scoped_interface_provider_receiver_.reset();
broker_receiver_.reset();
bad_message::ReceivedBadMessage(
process, bad_message::RFH_INTERFACE_PROVIDER_MISSING);
return;
}
// Otherwise, it is the first real load committed, for which the RenderFrame
// is allowed to, and will re-use the existing InterfaceProvider connection
// if the new document is same-origin with the initial empty document, and
// therefore the global object is not replaced.
}
if (!DidCommitNavigationInternal(std::move(committing_navigation_request),
std::move(params),
false /* is_same_document_navigation */)) {
return;
}
// Since we didn't early return, it's safe to keep the commit state.
commit_state_resetter.disable();
// For a top-level frame, there are potential security concerns associated
// with displaying graphics from a previously loaded page after the URL in
// the omnibar has been changed. It is unappealing to clear the page
// immediately, but if the renderer is taking a long time to issue any
// compositor output (possibly because of script deliberately creating this
// situation) then we clear it after a while anyway.
// See https://crbug.com/497588.
if (frame_tree_node_->IsMainFrame() && GetView()) {
RenderWidgetHostImpl::From(GetView()->GetRenderWidgetHost())->DidNavigate();
}
// TODO(arthursonzogni): This can be removed when RenderDocument will be
// implemented. See https://crbug.com/936696.
EnsureDescendantsAreUnloading();
}
mojom::NavigationClient::CommitNavigationCallback
RenderFrameHostImpl::BuildCommitNavigationCallback(
NavigationRequest* navigation_request) {
DCHECK(navigation_request);
return base::BindOnce(
&RenderFrameHostImpl::DidCommitPerNavigationMojoInterfaceNavigation,
base::Unretained(this), navigation_request);
}
mojom::NavigationClient::CommitFailedNavigationCallback
RenderFrameHostImpl::BuildCommitFailedNavigationCallback(
NavigationRequest* navigation_request) {
DCHECK(navigation_request);
return base::BindOnce(
&RenderFrameHostImpl::DidCommitPerNavigationMojoInterfaceNavigation,
base::Unretained(this), navigation_request);
}
void RenderFrameHostImpl::SendBeforeUnload(
bool is_reload,
base::WeakPtr<RenderFrameHostImpl> rfh) {
auto before_unload_closure = base::BindOnce(
[](base::WeakPtr<RenderFrameHostImpl> impl, bool proceed,
base::TimeTicks renderer_before_unload_start_time,
base::TimeTicks renderer_before_unload_end_time) {
if (!impl)
return;
impl->ProcessBeforeUnloadCompleted(
proceed, false /* treat_as_final_completion_callback */,
renderer_before_unload_start_time, renderer_before_unload_end_time);
},
rfh);
// Experiment to run beforeunload handlers at a higher priority in the
// renderer. See crubug.com/1042118.
if (base::FeatureList::IsEnabled(features::kHighPriorityBeforeUnload)) {
rfh->GetHighPriorityLocalFrame()->DispatchBeforeUnload(
is_reload, std::move(before_unload_closure));
} else {
rfh->GetAssociatedLocalFrame()->BeforeUnload(
is_reload, std::move(before_unload_closure));
}
}
void RenderFrameHostImpl::AddServiceWorkerContainerHost(
const std::string& uuid,
base::WeakPtr<content::ServiceWorkerContainerHost> host) {
if (IsInBackForwardCache()) {
// RenderFrameHost entered BackForwardCache before adding
// ServiceWorkerContainerHost. In this case, evict the entry from the cache.
EvictFromBackForwardCacheWithReason(
BackForwardCacheMetrics::NotRestoredReason::
kEnteredBackForwardCacheBeforeServiceWorkerHostAdded);
}
DCHECK(!base::Contains(service_worker_container_hosts_, uuid));
service_worker_container_hosts_[uuid] = std::move(host);
}
void RenderFrameHostImpl::RemoveServiceWorkerContainerHost(
const std::string& uuid) {
DCHECK(base::Contains(service_worker_container_hosts_, uuid));
service_worker_container_hosts_.erase(uuid);
}
bool RenderFrameHostImpl::MaybeInterceptCommitCallback(
NavigationRequest* navigation_request,
FrameHostMsg_DidCommitProvisionalLoad_Params* params,
mojom::DidCommitProvisionalLoadInterfaceParamsPtr* interface_params) {
if (commit_callback_interceptor_) {
return commit_callback_interceptor_->WillProcessDidCommitNavigation(
navigation_request, params, interface_params);
}
return true;
}
void RenderFrameHostImpl::PostMessageEvent(
const base::Optional<base::UnguessableToken>& source_token,
const base::string16& source_origin,
const base::string16& target_origin,
blink::TransferableMessage message) {
DCHECK(render_frame_created_);
GetAssociatedLocalFrame()->PostMessageEvent(
source_token, source_origin, target_origin, std::move(message));
}
bool RenderFrameHostImpl::IsTestRenderFrameHost() const {
return false;
}
scoped_refptr<PrefetchedSignedExchangeCache>
RenderFrameHostImpl::EnsurePrefetchedSignedExchangeCache() {
if (!prefetched_signed_exchange_cache_) {
prefetched_signed_exchange_cache_ =
base::MakeRefCounted<PrefetchedSignedExchangeCache>();
}
return prefetched_signed_exchange_cache_;
}
void RenderFrameHostImpl::ClearPrefetchedSignedExchangeCache() {
if (prefetched_signed_exchange_cache_)
prefetched_signed_exchange_cache_->Clear();
}
std::unique_ptr<WebBundleHandleTracker>
RenderFrameHostImpl::MaybeCreateWebBundleHandleTracker() {
if (web_bundle_handle_)
return web_bundle_handle_->MaybeCreateTracker();
FrameTreeNode* frame_owner =
frame_tree_node_->parent() ? frame_tree_node_->parent()->frame_tree_node()
: frame_tree_node_->opener();
if (!frame_owner)
return nullptr;
RenderFrameHostImpl* frame_owner_host = frame_owner->current_frame_host();
if (!frame_owner_host->web_bundle_handle_)
return nullptr;
return frame_owner_host->web_bundle_handle_->MaybeCreateTracker();
}
RenderWidgetHostImpl* RenderFrameHostImpl::GetLocalRenderWidgetHost() const {
if (!parent_)
return render_view_host_->GetWidget();
else
return owned_render_widget_host_.get();
}
void RenderFrameHostImpl::EnsureDescendantsAreUnloading() {
std::vector<RenderFrameHostImpl*> parents_to_be_checked = {this};
std::vector<RenderFrameHostImpl*> rfhs_to_be_checked;
while (!parents_to_be_checked.empty()) {
RenderFrameHostImpl* document = parents_to_be_checked.back();
parents_to_be_checked.pop_back();
for (auto& subframe : document->children_) {
RenderFrameHostImpl* child = subframe->current_frame_host();
// Every child is expected to be pending deletion. If it isn't the
// case, their FrameTreeNode is immediately removed from the tree.
if (!child->IsPendingDeletion())
rfhs_to_be_checked.push_back(child);
else
parents_to_be_checked.push_back(child);
}
}
for (RenderFrameHostImpl* document : rfhs_to_be_checked)
document->parent_->RemoveChild(document->frame_tree_node());
}
void RenderFrameHostImpl::AddUniqueMessageToConsole(
blink::mojom::ConsoleMessageLevel level,
const std::string& message) {
AddMessageToConsoleImpl(level, message, true /* discard_duplicates */);
}
void RenderFrameHostImpl::AddMessageToConsoleImpl(
blink::mojom::ConsoleMessageLevel level,
const std::string& message,
bool discard_duplicates) {
GetAssociatedLocalFrame()->AddMessageToConsole(level, message,
discard_duplicates);
}
void RenderFrameHostImpl::LogCannotCommitUrlCrashKeys(
const GURL& url,
bool is_same_document_navigation,
NavigationRequest* navigation_request) {
LogRendererKillCrashKeys(GetSiteInstance()->GetSiteInfo());
// Temporary instrumentation to debug the root cause of renderer process
// terminations. See https://crbug.com/931895.
auto bool_to_crash_key = [](bool b) { return b ? "true" : "false"; };
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_same_document",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(is_same_document_navigation));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_main_frame",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(frame_tree_node_->IsMainFrame()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_cross_process_subframe",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(IsCrossProcessSubframe()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("site_lock",
base::debug::CrashKeySize::Size256),
GetSiteInstance()->GetProcessLock().ToString());
if (!GetSiteInstance()->IsDefaultSiteInstance()) {
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("original_url_origin",
base::debug::CrashKeySize::Size256),
GetSiteInstance()->original_url().GetOrigin().spec());
}
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_mhtml_document",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(is_mhtml_document()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("last_committed_url_origin",
base::debug::CrashKeySize::Size256),
GetLastCommittedURL().GetOrigin().spec());
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("last_successful_url_origin",
base::debug::CrashKeySize::Size256),
last_successful_url().GetOrigin().spec());
if (navigation_request && navigation_request->IsNavigationStarted()) {
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_renderer_initiated",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->IsRendererInitiated()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_server_redirect",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->WasServerRedirect()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_form_submission",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->IsFormSubmission()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_error_page",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->IsErrorPage()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("from_begin_navigation",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->from_begin_navigation()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("net_error",
base::debug::CrashKeySize::Size32),
base::NumberToString(navigation_request->GetNetErrorCode()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("initiator_origin",
base::debug::CrashKeySize::Size64),
navigation_request->GetInitiatorOrigin()
? navigation_request->GetInitiatorOrigin()->GetDebugString()
: "none");
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("starting_site_instance",
base::debug::CrashKeySize::Size256),
navigation_request->GetStartingSiteInstance()
->GetSiteInfo()
.GetDebugString());
// Recompute the target SiteInstance to see if it matches the current
// one at commit time.
scoped_refptr<SiteInstance> dest_instance =
frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest(
navigation_request);
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString(
"does_recomputed_site_instance_match",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(dest_instance == GetSiteInstance()));
}
}
void RenderFrameHostImpl::MaybeEvictFromBackForwardCache() {
if (!IsInBackForwardCache())
return;
RenderFrameHostImpl* top_document = this;
while (RenderFrameHostImpl* parent = top_document->GetParent())
top_document = parent;
auto can_store =
frame_tree()->controller()->GetBackForwardCache().CanStorePageNow(
top_document);
TRACE_EVENT1("navigation",
"RenderFrameHostImpl::MaybeEvictFromBackForwardCache",
"can_store", can_store.ToString());
if (can_store)
return;
EvictFromBackForwardCacheWithReasons(can_store);
}
void RenderFrameHostImpl::LogCannotCommitOriginCrashKeys(
bool is_same_document_navigation,
NavigationRequest* navigation_request) {
LogRendererKillCrashKeys(GetSiteInstance()->GetSiteInfo());
// Temporary instrumentation to debug the root cause of
// https://crbug.com/923144.
auto bool_to_crash_key = [](bool b) { return b ? "true" : "false"; };
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_same_document",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(is_same_document_navigation));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_subframe",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(!frame_tree_node_->IsMainFrame()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("lifecycle_state",
base::debug::CrashKeySize::Size32),
LifecycleStateToString(lifecycle_state_));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_current",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(IsCurrent()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_cross_process_subframe",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(IsCrossProcessSubframe()));
if (navigation_request && navigation_request->IsNavigationStarted()) {
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_renderer_initiated",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->IsRendererInitiated()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_server_redirect",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->WasServerRedirect()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_form_submission",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->IsFormSubmission()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("is_error_page",
base::debug::CrashKeySize::Size32),
bool_to_crash_key(navigation_request->IsErrorPage()));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("initiator_origin",
base::debug::CrashKeySize::Size64),
navigation_request->GetInitiatorOrigin()
? navigation_request->GetInitiatorOrigin()->GetDebugString()
: "none");
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString("starting_site_instance",
base::debug::CrashKeySize::Size256),
navigation_request->GetStartingSiteInstance()
->GetSiteInfo()
.GetDebugString());
}
}
void RenderFrameHostImpl::EnableMojoJsBindings() {
// This method should only be called on RenderFrameHost which is for a WebUI.
DCHECK_NE(WebUI::kNoWebUI,
WebUIControllerFactoryRegistry::GetInstance()->GetWebUIType(
GetSiteInstance()->GetBrowserContext(),
site_instance_->GetSiteInfo().site_url()));
GetFrameBindingsControl()->EnableMojoJsBindings();
}
BackForwardCacheMetrics* RenderFrameHostImpl::GetBackForwardCacheMetrics() {
NavigationEntryImpl* navigation_entry =
frame_tree()->controller()->GetEntryWithUniqueID(nav_entry_id());
if (!navigation_entry)
return nullptr;
return navigation_entry->back_forward_cache_metrics();
}
bool RenderFrameHostImpl::IsBackForwardCacheDisabled() const {
return back_forward_cache_disabled_reasons_.size();
}
bool RenderFrameHostImpl::IsDOMContentLoaded() {
return dom_content_loaded_;
}
void RenderFrameHostImpl::UpdateAdFrameType(
blink::mojom::AdFrameType ad_frame_type) {
frame_tree_node_->SetAdFrameType(ad_frame_type);
}
blink::mojom::AuthenticatorStatus
RenderFrameHostImpl::PerformGetAssertionWebAuthSecurityChecks(
const std::string& relying_party_id,
const url::Origin& effective_origin) {
bool is_cross_origin;
blink::mojom::AuthenticatorStatus status =
GetWebAuthRequestSecurityChecker()->ValidateAncestorOrigins(
effective_origin,
WebAuthRequestSecurityChecker::RequestType::kGetAssertion,
&is_cross_origin);
if (status != blink::mojom::AuthenticatorStatus::SUCCESS) {
return status;
}
status = GetWebAuthRequestSecurityChecker()->ValidateDomainAndRelyingPartyID(
effective_origin, relying_party_id);
if (status != blink::mojom::AuthenticatorStatus::SUCCESS) {
return status;
}
return blink::mojom::AuthenticatorStatus::SUCCESS;
}
blink::mojom::AuthenticatorStatus
RenderFrameHostImpl::PerformMakeCredentialWebAuthSecurityChecks(
const std::string& relying_party_id,
const url::Origin& effective_origin) {
bool is_cross_origin;
blink::mojom::AuthenticatorStatus status =
GetWebAuthRequestSecurityChecker()->ValidateAncestorOrigins(
effective_origin,
WebAuthRequestSecurityChecker::RequestType::kMakeCredential,
&is_cross_origin);
if (status != blink::mojom::AuthenticatorStatus::SUCCESS) {
return status;
}
status = GetWebAuthRequestSecurityChecker()->ValidateDomainAndRelyingPartyID(
effective_origin, relying_party_id);
if (status != blink::mojom::AuthenticatorStatus::SUCCESS) {
return status;
}
return blink::mojom::AuthenticatorStatus::SUCCESS;
}
void RenderFrameHostImpl::IsClipboardPasteAllowed(
const ui::ClipboardFormatType& data_type,
const std::string& data,
IsClipboardPasteAllowedCallback callback) {
delegate_->IsClipboardPasteAllowed(GetLastCommittedURL(), data_type, data,
std::move(callback));
}
RenderFrameHostImpl* RenderFrameHostImpl::ParentOrOuterDelegateFrame() {
// Find the parent in the FrameTree (iframe).
if (parent_)
return parent_;
// Find the parent in the WebContentsTree (GuestView or Portal).
FrameTreeNode* frame_in_embedder =
frame_tree_node()->render_manager()->GetOuterDelegateNode();
if (frame_in_embedder)
return frame_in_embedder->current_frame_host()->GetParent();
// No parent found.
return nullptr;
}
scoped_refptr<WebAuthRequestSecurityChecker>
RenderFrameHostImpl::GetWebAuthRequestSecurityChecker() {
if (!webauth_request_security_checker_)
webauth_request_security_checker_ =
base::MakeRefCounted<WebAuthRequestSecurityChecker>(this);
return webauth_request_security_checker_;
}
bool RenderFrameHostImpl::IsInBackForwardCache() {
return lifecycle_state_ == LifecycleState::kInBackForwardCache;
}
bool RenderFrameHostImpl::IsPendingDeletion() {
return lifecycle_state_ == LifecycleState::kRunningUnloadHandlers ||
lifecycle_state_ == LifecycleState::kReadyToBeDeleted;
}
void RenderFrameHostImpl::SetLifecycleStateToActive() {
// If the RenderFrameHost is restored from BackForwardCache, update states of
// all the children to kActive. This is called from
// RenderFrameHostManager::SetRenderFrameHost which happens after commit.
if (IsInBackForwardCache()) {
for (auto& child : children_) {
DCHECK_EQ(child->current_frame_host()->lifecycle_state_,
LifecycleState::kInBackForwardCache);
child->current_frame_host()->SetLifecycleStateToActive();
}
}
SetLifecycleState(LifecycleState::kActive);
}
void RenderFrameHostImpl::SetLifecycleState(LifecycleState state) {
TRACE_EVENT2("content", "RenderFrameHostImpl::SetLifecycleState",
"render_frame_host", base::trace_event::ToTracedValue(this),
"new_state", LifecycleStateToString(state));
#if DCHECK_IS_ON()
static const base::NoDestructor<StateTransitions<LifecycleState>>
allowed_transitions(
// For a graph of state transitions, see
// https://chromium.googlesource.com/chromium/src/+/HEAD/docs/render-frame-host-lifecycle-state.png
// To update the graph, see the corresponding .gv file.
// RenderFrameHost is only set speculative during its creation and no
// transitions happen to this state during its lifetime.
StateTransitions<LifecycleState>({
{LifecycleState::kSpeculative,
{LifecycleState::kActive, LifecycleState::kReadyToBeDeleted}},
{LifecycleState::kActive,
{LifecycleState::kInBackForwardCache,
LifecycleState::kRunningUnloadHandlers,
LifecycleState::kReadyToBeDeleted}},
{LifecycleState::kInBackForwardCache,
{LifecycleState::kActive, LifecycleState::kReadyToBeDeleted}},
{LifecycleState::kRunningUnloadHandlers,
{LifecycleState::kReadyToBeDeleted}},
{LifecycleState::kReadyToBeDeleted, {}},
}));
DCHECK_STATE_TRANSITION(allowed_transitions, /*old_state=*/lifecycle_state_,
/*new_state*/ state);
#endif // DCHECK_IS_ON()
LifecycleState old_state = lifecycle_state_;
lifecycle_state_ = state;
// Notify the delegate about change in |lifecycle_state_|.
delegate_->RenderFrameHostStateChanged(this, old_state, lifecycle_state_);
}
void RenderFrameHostImpl::BindReportingObserver(
mojo::PendingReceiver<blink::mojom::ReportingObserver> receiver) {
GetAssociatedLocalFrame()->BindReportingObserver(std::move(receiver));
}
mojo::PendingRemote<network::mojom::CookieAccessObserver>
RenderFrameHostImpl::CreateCookieAccessObserver() {
mojo::PendingRemote<network::mojom::CookieAccessObserver> remote;
cookie_observers_.Add(this, remote.InitWithNewPipeAndPassReceiver());
return remote;
}
void RenderFrameHostImpl::Clone(
mojo::PendingReceiver<network::mojom::CookieAccessObserver> observer) {
cookie_observers_.Add(this, std::move(observer));
}
void RenderFrameHostImpl::OnCookiesAccessed(
network::mojom::CookieAccessDetailsPtr details) {
EmitSameSiteCookiesDeprecationWarning(this, details);
CookieAccessDetails allowed;
CookieAccessDetails blocked;
SplitCookiesIntoAllowedAndBlocked(details, &allowed, &blocked);
if (!allowed.cookie_list.empty())
delegate_->OnCookiesAccessed(this, allowed);
if (!blocked.cookie_list.empty())
delegate_->OnCookiesAccessed(this, blocked);
}
void RenderFrameHostImpl::CheckSandboxFlags() {
if (is_mhtml_document_)
return;
if (!active_sandbox_flags_control_)
return;
if (active_sandbox_flags_ == *active_sandbox_flags_control_)
return;
DCHECK(false);
}
void RenderFrameHostImpl::SetEmbeddingToken(
const base::UnguessableToken& embedding_token) {
// Everything in this method depends on whether the embedding token has
// actually changed, including setting the AXTreeID (backed by the token).
if (embedding_token_ == embedding_token)
return;
embedding_token_ = embedding_token;
// The AXTreeID of a frame is backed by its embedding token, so we need to
// update its AXTreeID, as well as the associated mapping in AXTreeIDRegistry.
ui::AXTreeID ax_tree_id = ui::AXTreeID::FromToken(embedding_token);
SetAXTreeID(ax_tree_id);
ui::AXTreeIDRegistry::GetInstance()->SetFrameIDForAXTreeID(
ui::AXTreeIDRegistry::FrameID(GetProcess()->GetID(), routing_id_),
ax_tree_id);
// Also important to notify the delegate so that the relevant observers can
// adapt to the fact that the AXTreeID has changed for the main frame (e.g.
// the WebView needs to update the ID tracking its child accessibility tree).
if (is_main_frame())
delegate_->AXTreeIDForMainFrameHasChanged();
// We need to propagate the token to the parent frame if it's either remote or
// part of an outer web contents, therefore we need to figure out the right
// proxy to send the token to, if there's any.
// For local parents the propagation occurs within the renderer process. The
// token is also present on the main frame for generalization when the main
// frame in embedded in another context (e.g. browser UI). The main frame is
// not embedded in the context of the frame tree so it is not propagated here.
// See RenderFrameHost::GetEmbeddingToken for more details.
RenderFrameProxyHost* target_render_frame_proxy = nullptr;
// Cross-process subframes should have a remote parent frame.
if (IsCrossProcessSubframe()) {
// Only non-null tokens are propagated to the parent document. The token is
// automatically reset in the parent document when the child document is
// navigated cross-origin.
target_render_frame_proxy =
frame_tree_node()->render_manager()->GetProxyToParent();
DCHECK(target_render_frame_proxy);
} else if (frame_tree_node()->IsMainFrame()) {
// The main frame in an inner web contents could have a delegate in the
// outer web contents, so we need to account for that as well.
target_render_frame_proxy =
frame_tree_node()->render_manager()->GetProxyToOuterDelegate();
}
// Propagate the token to the right process, if a proxy was found.
if (target_render_frame_proxy) {
target_render_frame_proxy->GetAssociatedRemoteFrame()->SetEmbeddingToken(
embedding_token_.value());
}
}
bool RenderFrameHostImpl::DocumentUsedWebOTP() {
return document_used_web_otp_;
}
std::ostream& operator<<(std::ostream& o,
const RenderFrameHostImpl::LifecycleState& s) {
return o << LifecycleStateToString(s);
}
} // namespace content