| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/browser/frame_host/navigator_impl.h" |
| |
| #include <utility> |
| |
| #include "base/check_op.h" |
| #include "base/debug/dump_without_crashing.h" |
| #include "base/metrics/histogram_macros.h" |
| #include "base/notreached.h" |
| #include "base/strings/string_util.h" |
| #include "base/time/time.h" |
| #include "content/browser/child_process_security_policy_impl.h" |
| #include "content/browser/frame_host/debug_urls.h" |
| #include "content/browser/frame_host/frame_tree.h" |
| #include "content/browser/frame_host/frame_tree_node.h" |
| #include "content/browser/frame_host/navigation_controller_impl.h" |
| #include "content/browser/frame_host/navigation_entry_impl.h" |
| #include "content/browser/frame_host/navigation_request.h" |
| #include "content/browser/frame_host/navigation_request_info.h" |
| #include "content/browser/frame_host/navigator_delegate.h" |
| #include "content/browser/frame_host/render_frame_host_impl.h" |
| #include "content/browser/renderer_host/render_view_host_impl.h" |
| #include "content/browser/site_instance_impl.h" |
| #include "content/browser/web_package/prefetched_signed_exchange_cache.h" |
| #include "content/browser/web_package/web_bundle_handle_tracker.h" |
| #include "content/browser/webui/web_ui_controller_factory_registry.h" |
| #include "content/browser/webui/web_ui_impl.h" |
| #include "content/common/frame_messages.h" |
| #include "content/common/navigation_params.h" |
| #include "content/common/navigation_params_utils.h" |
| #include "content/common/page_messages.h" |
| #include "content/common/view_messages.h" |
| #include "content/public/browser/browser_context.h" |
| #include "content/public/browser/content_browser_client.h" |
| #include "content/public/browser/global_request_id.h" |
| #include "content/public/browser/invalidate_type.h" |
| #include "content/public/browser/navigation_controller.h" |
| #include "content/public/browser/navigation_details.h" |
| #include "content/public/browser/page_navigator.h" |
| #include "content/public/browser/render_view_host.h" |
| #include "content/public/common/bindings_policy.h" |
| #include "content/public/common/content_client.h" |
| #include "content/public/common/content_constants.h" |
| #include "content/public/common/navigation_policy.h" |
| #include "content/public/common/url_utils.h" |
| #include "net/base/net_errors.h" |
| #include "services/network/public/mojom/url_loader_factory.mojom.h" |
| #include "url/gurl.h" |
| #include "url/url_util.h" |
| |
| namespace content { |
| |
| struct NavigatorImpl::NavigationMetricsData { |
| NavigationMetricsData(base::TimeTicks start_time, |
| GURL url, |
| RestoreType restore_type) |
| : start_time_(start_time), url_(url) { |
| is_restoring_from_last_session_ = |
| (restore_type == RestoreType::LAST_SESSION_EXITED_CLEANLY || |
| restore_type == RestoreType::LAST_SESSION_CRASHED); |
| } |
| |
| base::TimeTicks start_time_; |
| GURL url_; |
| bool is_restoring_from_last_session_; |
| base::TimeTicks url_job_start_time_; |
| base::TimeDelta before_unload_delay_; |
| }; |
| |
| NavigatorImpl::NavigatorImpl(NavigationControllerImpl* navigation_controller, |
| NavigatorDelegate* delegate) |
| : controller_(navigation_controller), delegate_(delegate) {} |
| |
| NavigatorImpl::~NavigatorImpl() {} |
| |
| // static |
| bool NavigatorImpl::CheckWebUIRendererDoesNotDisplayNormalURL( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| bool is_renderer_initiated_check) { |
| // In single process mode, everything runs in the same process, so the checks |
| // below are irrelevant. |
| if (RenderProcessHost::run_renderer_in_process()) |
| return true; |
| |
| ChildProcessSecurityPolicyImpl* security_policy = |
| ChildProcessSecurityPolicyImpl::GetInstance(); |
| GURL process_lock_url = |
| security_policy->GetOriginLock(render_frame_host->GetProcess()->GetID()); |
| |
| // In the case of error page process, any URL is allowed to commit. |
| if (process_lock_url == GURL(kUnreachableWebDataURL)) |
| return true; |
| |
| bool frame_has_bindings = ((render_frame_host->GetEnabledBindings() & |
| kWebUIBindingsPolicyMask) != 0); |
| bool is_allowed_in_web_ui_renderer = |
| WebUIControllerFactoryRegistry::GetInstance()->IsURLAcceptableForWebUI( |
| render_frame_host->GetProcess()->GetBrowserContext(), url); |
| |
| // Embedders might disable locking for WebUI URLs, which is bad idea, however |
| // this method should take this into account. |
| bool should_lock_to_origin = SiteInstanceImpl::ShouldLockToOrigin( |
| render_frame_host->GetSiteInstance()->GetIsolationContext(), url, |
| render_frame_host->GetSiteInstance()->IsGuest()); |
| |
| // If the |render_frame_host| has any WebUI bindings, disallow URLs that are |
| // not allowed in a WebUI renderer process. |
| if (frame_has_bindings) { |
| // The process itself must have WebUI bit in the security policy. |
| // Otherwise it indicates that there is a bug in browser process logic and |
| // the browser process must be terminated. |
| // TODO(nasko): Convert to CHECK() once it is confirmed this is not |
| // violated in reality. |
| if (!security_policy->HasWebUIBindings( |
| render_frame_host->GetProcess()->GetID())) { |
| base::debug::DumpWithoutCrashing(); |
| } |
| |
| // Check whether the process must be locked and if so that the process lock |
| // is indeed in place. |
| if (should_lock_to_origin && process_lock_url.is_empty()) |
| return false; |
| |
| // There must be a WebUI on the frame. |
| if (!render_frame_host->web_ui()) |
| return false; |
| |
| // The |url| must be allowed in a WebUI process if the frame has WebUI. |
| if (!is_allowed_in_web_ui_renderer) { |
| // If this method is called in response to IPC message from the renderer |
| // process, it should be terminated, otherwise it is a bug in the |
| // navigation logic and the browser process should be terminated to avoid |
| // exposing users to security issues. |
| if (is_renderer_initiated_check) |
| return false; |
| |
| CHECK(false); |
| } |
| } |
| |
| // If |url| is one that is allowed in WebUI renderer process, ensure that its |
| // origin is either opaque or matches the origin of the process lock. |
| if (is_allowed_in_web_ui_renderer) { |
| url::Origin url_origin = url::Origin::Create(url.GetOrigin()); |
| |
| // Verify |url| matches the origin of the process lock, if one is in place. |
| if (should_lock_to_origin) { |
| url::Origin process_lock_origin = url::Origin::Create(process_lock_url); |
| if (!url_origin.opaque() && process_lock_origin != url_origin) |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| // A renderer-initiated navigation should be ignored iff a) there is an ongoing |
| // request b) which is browser initiated and c) the renderer request is not |
| // user-initiated. |
| // static |
| bool NavigatorImpl::ShouldIgnoreIncomingRendererRequest( |
| const NavigationRequest* ongoing_navigation_request, |
| bool has_user_gesture) { |
| return ongoing_navigation_request && |
| ongoing_navigation_request->browser_initiated() && !has_user_gesture; |
| } |
| |
| NavigatorDelegate* NavigatorImpl::GetDelegate() { |
| return delegate_; |
| } |
| |
| NavigationController* NavigatorImpl::GetController() { |
| return controller_; |
| } |
| |
| void NavigatorImpl::DidFailLoadWithError(RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| int error_code) { |
| if (delegate_) { |
| delegate_->DidFailLoadWithError(render_frame_host, url, error_code); |
| } |
| } |
| |
| bool NavigatorImpl::StartHistoryNavigationInNewSubframe( |
| RenderFrameHostImpl* render_frame_host, |
| mojo::PendingAssociatedRemote<mojom::NavigationClient>* navigation_client) { |
| return controller_->StartHistoryNavigationInNewSubframe(render_frame_host, |
| navigation_client); |
| } |
| |
| void NavigatorImpl::DidNavigate( |
| RenderFrameHostImpl* render_frame_host, |
| const FrameHostMsg_DidCommitProvisionalLoad_Params& params, |
| std::unique_ptr<NavigationRequest> navigation_request, |
| bool was_within_same_document) { |
| DCHECK(navigation_request); |
| FrameTreeNode* frame_tree_node = render_frame_host->frame_tree_node(); |
| FrameTree* frame_tree = frame_tree_node->frame_tree(); |
| |
| bool is_same_document_navigation = controller_->IsURLSameDocumentNavigation( |
| params.url, params.origin, was_within_same_document, render_frame_host); |
| |
| // If a frame claims the navigation was same-document, it must be the current |
| // frame, not a pending one. |
| if (is_same_document_navigation && |
| render_frame_host != |
| frame_tree_node->render_manager()->current_frame_host()) { |
| bad_message::ReceivedBadMessage(render_frame_host->GetProcess(), |
| bad_message::NI_IN_PAGE_NAVIGATION); |
| is_same_document_navigation = false; |
| } |
| |
| if (ui::PageTransitionIsMainFrame(params.transition)) { |
| if (delegate_) { |
| // Run tasks that must execute just before the commit. |
| delegate_->DidNavigateMainFramePreCommit(is_same_document_navigation); |
| } |
| } |
| |
| // For browser initiated navigation and same document navigation, frame policy |
| // in commit_params is nullopt and should use fallback value instead. |
| const blink::FramePolicy pending_frame_policy = |
| navigation_request->commit_params().frame_policy.value_or( |
| frame_tree_node->pending_frame_policy()); |
| |
| // DidNavigateFrame() must be called before replicating the new origin and |
| // other properties to proxies. This is because it destroys the subframes of |
| // the frame we're navigating from, which might trigger those subframes to |
| // run unload handlers. Those unload handlers should still see the old |
| // frame's origin. See https://crbug.com/825283. |
| frame_tree_node->render_manager()->DidNavigateFrame( |
| render_frame_host, params.gesture == NavigationGestureUser, |
| is_same_document_navigation, |
| navigation_request |
| ->require_coop_browsing_instance_swap() /* clear_proxies_on_commit */, |
| pending_frame_policy); |
| |
| // Save the new page's origin and other properties, and replicate them to |
| // proxies, including the proxy created in DidNavigateFrame() to replace the |
| // old frame in cross-process navigation cases. |
| frame_tree_node->SetCurrentOrigin( |
| params.origin, params.has_potentially_trustworthy_unique_origin); |
| frame_tree_node->SetInsecureRequestPolicy(params.insecure_request_policy); |
| frame_tree_node->SetInsecureNavigationsSet(params.insecure_navigations_set); |
| |
| // Save the activation status of the previous page here before it gets reset |
| // in FrameTreeNode::ResetForNavigation. |
| bool previous_document_was_activated = |
| frame_tree->root()->HasStickyUserActivation(); |
| |
| if (!is_same_document_navigation) { |
| // Navigating to a new location means a new, fresh set of http headers |
| // and/or <meta> elements - we need to reset CSP and Feature Policy. |
| render_frame_host->ResetContentSecurityPolicies(); |
| frame_tree_node->ResetForNavigation(); |
| |
| // Save the new document's embedding token and propagate to any parent |
| // document that embeds it. A token is only assigned to cross-process |
| // child frames. |
| render_frame_host->SetEmbeddingToken(params.embedding_token); |
| } |
| |
| // Update the site of the SiteInstance if it doesn't have one yet, unless |
| // assigning a site is not necessary for this URL. In that case, the |
| // SiteInstance can still be considered unused until a navigation to a real |
| // page. |
| SiteInstanceImpl* site_instance = render_frame_host->GetSiteInstance(); |
| if (!site_instance->HasSite() && |
| SiteInstanceImpl::ShouldAssignSiteForURL(params.url)) { |
| site_instance->ConvertToDefaultOrSetSite(params.url); |
| } |
| |
| // Need to update MIME type here because it's referred to in |
| // UpdateNavigationCommands() called by RendererDidNavigate() to |
| // determine whether or not to enable the encoding menu. |
| // It's updated only for the main frame. For a subframe, |
| // RenderView::UpdateURL does not set params.contents_mime_type. |
| // (see http://code.google.com/p/chromium/issues/detail?id=2929 ) |
| // TODO(jungshik): Add a test for the encoding menu to avoid |
| // regressing it again. |
| // TODO(nasko): Verify the correctness of the above comment, since some of the |
| // code doesn't exist anymore. Also, move this code in the |
| // PageTransitionIsMainFrame code block above. |
| if (ui::PageTransitionIsMainFrame(params.transition) && delegate_) |
| delegate_->SetMainFrameMimeType(params.contents_mime_type); |
| |
| int old_entry_count = controller_->GetEntryCount(); |
| LoadCommittedDetails details; |
| bool did_navigate = controller_->RendererDidNavigate( |
| render_frame_host, params, &details, is_same_document_navigation, |
| previous_document_was_activated, navigation_request.get()); |
| |
| // If the history length and/or offset changed, update other renderers in the |
| // FrameTree. |
| if (old_entry_count != controller_->GetEntryCount() || |
| details.previous_entry_index != |
| controller_->GetLastCommittedEntryIndex()) { |
| frame_tree->root()->render_manager()->SendPageMessage( |
| new PageMsg_SetHistoryOffsetAndLength( |
| MSG_ROUTING_NONE, controller_->GetLastCommittedEntryIndex(), |
| controller_->GetEntryCount()), |
| site_instance); |
| } |
| |
| render_frame_host->DidNavigate(params, is_same_document_navigation); |
| |
| // Send notification about committed provisional loads. This notification is |
| // different from the NAV_ENTRY_COMMITTED notification which doesn't include |
| // the actual URL navigated to and isn't sent for AUTO_SUBFRAME navigations. |
| if (details.type != NAVIGATION_TYPE_NAV_IGNORE && delegate_) { |
| DCHECK_EQ(!render_frame_host->GetParent(), |
| did_navigate ? details.is_main_frame : false); |
| navigation_request->DidCommitNavigation(params, did_navigate, |
| details.did_replace_entry, |
| details.previous_url, details.type); |
| navigation_request.reset(); |
| } |
| |
| if (!did_navigate) |
| return; // No navigation happened. |
| |
| // DO NOT ADD MORE STUFF TO THIS FUNCTION! Your component should either listen |
| // for the appropriate notification (best) or you can add it to |
| // DidNavigateMainFramePostCommit / DidNavigateAnyFramePostCommit (only if |
| // necessary, please). |
| |
| // TODO(carlosk): Move this out. |
| RecordNavigationMetrics(details, params, site_instance); |
| |
| // Run post-commit tasks. |
| if (delegate_) { |
| if (details.is_main_frame) { |
| delegate_->DidNavigateMainFramePostCommit(render_frame_host, details, |
| params); |
| } |
| |
| delegate_->DidNavigateAnyFramePostCommit(render_frame_host, details, |
| params); |
| } |
| } |
| |
| void NavigatorImpl::Navigate(std::unique_ptr<NavigationRequest> request, |
| ReloadType reload_type, |
| RestoreType restore_type) { |
| TRACE_EVENT0("browser,navigation", "NavigatorImpl::Navigate"); |
| TRACE_EVENT_INSTANT_WITH_TIMESTAMP0( |
| "navigation,rail", "NavigationTiming navigationStart", |
| TRACE_EVENT_SCOPE_GLOBAL, request->common_params().navigation_start); |
| |
| // Save destination url, as it is needed for |
| // DidStartNavigationToPendingEntry and request could be destroyed after |
| // BeginNavigation below. |
| GURL dest_url = request->common_params().url; |
| FrameTreeNode* frame_tree_node = request->frame_tree_node(); |
| |
| navigation_data_.reset(new NavigationMetricsData( |
| request->common_params().navigation_start, dest_url, restore_type)); |
| |
| // Check if the BeforeUnload event needs to execute before assigning the |
| // NavigationRequest to the FrameTreeNode. Assigning it to the FrameTreeNode |
| // has the side effect of initializing the current RenderFrameHost, which will |
| // return that it should execute the BeforeUnload event (even though we don't |
| // need to wait for it in the case of a brand new RenderFrameHost). |
| // |
| // We don't want to dispatch a beforeunload handler if |
| // is_history_navigation_in_new_child is true. This indicates a newly created |
| // child frame which does not have a beforeunload handler. |
| bool should_dispatch_beforeunload = |
| !NavigationTypeUtils::IsSameDocument( |
| request->common_params().navigation_type) && |
| !request->common_params().is_history_navigation_in_new_child_frame && |
| frame_tree_node->current_frame_host()->ShouldDispatchBeforeUnload( |
| false /* check_subframes_only */); |
| |
| int nav_entry_id = request->nav_entry_id(); |
| bool is_pending_entry = |
| controller_->GetPendingEntry() && |
| (nav_entry_id == controller_->GetPendingEntry()->GetUniqueID()); |
| frame_tree_node->CreatedNavigationRequest(std::move(request)); |
| DCHECK(frame_tree_node->navigation_request()); |
| |
| // Have the current renderer execute its beforeunload event if needed. If it |
| // is not needed then NavigationRequest::BeginNavigation should be directly |
| // called instead. |
| if (should_dispatch_beforeunload) { |
| frame_tree_node->navigation_request()->SetWaitingForRendererResponse(); |
| frame_tree_node->current_frame_host()->DispatchBeforeUnload( |
| RenderFrameHostImpl::BeforeUnloadType::BROWSER_INITIATED_NAVIGATION, |
| reload_type != ReloadType::NONE); |
| } else { |
| frame_tree_node->navigation_request()->BeginNavigation(); |
| // WARNING: The NavigationRequest might have been destroyed in |
| // BeginNavigation(). Do not use |frame_tree_node->navigation_request()| |
| // after this point without null checking it first. |
| } |
| |
| // Make sure no code called via RFH::Navigate clears the pending entry. |
| if (is_pending_entry) |
| CHECK_EQ(nav_entry_id, controller_->GetPendingEntry()->GetUniqueID()); |
| |
| // Notify observers about navigation. |
| if (delegate_ && is_pending_entry) |
| delegate_->DidStartNavigationToPendingEntry(dest_url, reload_type); |
| } |
| |
| void NavigatorImpl::RequestOpenURL( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| const GlobalFrameRoutingId& initiator_routing_id, |
| const base::Optional<url::Origin>& initiator_origin, |
| const scoped_refptr<network::ResourceRequestBody>& post_body, |
| const std::string& extra_headers, |
| const Referrer& referrer, |
| WindowOpenDisposition disposition, |
| bool should_replace_current_entry, |
| bool user_gesture, |
| blink::TriggeringEventInfo triggering_event_info, |
| const std::string& href_translate, |
| scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory, |
| const base::Optional<Impression>& impression) { |
| // Note: This can be called for subframes (even when OOPIFs are not possible) |
| // if the disposition calls for a different window. |
| |
| // Only the current RenderFrameHost should be sending an OpenURL request. |
| // Pending RenderFrameHost should know where it is navigating and pending |
| // deletion RenderFrameHost shouldn't be trying to navigate. |
| if (render_frame_host != |
| render_frame_host->frame_tree_node()->current_frame_host()) { |
| return; |
| } |
| |
| SiteInstance* current_site_instance = render_frame_host->GetSiteInstance(); |
| |
| // TODO(creis): Pass the redirect_chain into this method to support client |
| // redirects. http://crbug.com/311721. |
| std::vector<GURL> redirect_chain; |
| |
| int frame_tree_node_id = -1; |
| |
| // Send the navigation to the current FrameTreeNode if it's destined for a |
| // subframe in the current tab. We'll assume it's for the main frame |
| // (possibly of a new or different WebContents) otherwise. |
| if (disposition == WindowOpenDisposition::CURRENT_TAB && |
| render_frame_host->GetParent()) { |
| frame_tree_node_id = |
| render_frame_host->frame_tree_node()->frame_tree_node_id(); |
| } |
| |
| OpenURLParams params(url, referrer, frame_tree_node_id, disposition, |
| ui::PAGE_TRANSITION_LINK, |
| true /* is_renderer_initiated */); |
| params.post_data = post_body; |
| params.extra_headers = extra_headers; |
| if (redirect_chain.size() > 0) |
| params.redirect_chain = redirect_chain; |
| params.should_replace_current_entry = should_replace_current_entry; |
| params.user_gesture = user_gesture; |
| params.triggering_event_info = triggering_event_info; |
| params.initiator_origin = initiator_origin; |
| params.initiator_routing_id = initiator_routing_id; |
| |
| // RequestOpenURL is used only for local frames, so we can get here only if |
| // the navigation is initiated by a frame in the same SiteInstance as this |
| // frame. Note that navigations on RenderFrameProxies do not use |
| // RequestOpenURL and go through NavigateFromFrameProxy instead. |
| params.source_site_instance = current_site_instance; |
| |
| params.source_render_frame_id = render_frame_host->GetRoutingID(); |
| params.source_render_process_id = render_frame_host->GetProcess()->GetID(); |
| |
| if (render_frame_host->web_ui()) { |
| // Note that we hide the referrer for Web UI pages. We don't really want |
| // web sites to see a referrer of "chrome://blah" (and some chrome: URLs |
| // might have search terms or other stuff we don't want to send to the |
| // site), so we send no referrer. |
| params.referrer = Referrer(); |
| |
| // Navigations in Web UI pages count as browser-initiated navigations. |
| params.is_renderer_initiated = false; |
| } |
| |
| params.blob_url_loader_factory = std::move(blob_url_loader_factory); |
| params.href_translate = href_translate; |
| params.impression = impression; |
| |
| if (delegate_) |
| delegate_->OpenURL(params); |
| } |
| |
| void NavigatorImpl::NavigateFromFrameProxy( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| const GlobalFrameRoutingId& initiator_routing_id, |
| const url::Origin& initiator_origin, |
| SiteInstance* source_site_instance, |
| const Referrer& referrer, |
| ui::PageTransition page_transition, |
| bool should_replace_current_entry, |
| NavigationDownloadPolicy download_policy, |
| const std::string& method, |
| scoped_refptr<network::ResourceRequestBody> post_body, |
| const std::string& extra_headers, |
| scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory, |
| bool has_user_gesture, |
| const base::Optional<Impression>& impression) { |
| // |method != "POST"| should imply absence of |post_body|. |
| if (method != "POST" && post_body) { |
| NOTREACHED(); |
| post_body = nullptr; |
| } |
| |
| // Allow the delegate to cancel the transfer. |
| if (!delegate_->ShouldTransferNavigation( |
| render_frame_host->frame_tree_node()->IsMainFrame())) |
| return; |
| |
| // TODO(creis): Determine if this transfer started as a browser-initiated |
| // navigation. See https://crbug.com/495161. |
| bool is_renderer_initiated = true; |
| Referrer referrer_to_use(referrer); |
| if (render_frame_host->web_ui()) { |
| // Note that we hide the referrer for Web UI pages. We don't really want |
| // web sites to see a referrer of "chrome://blah" (and some chrome: URLs |
| // might have search terms or other stuff we don't want to send to the |
| // site), so we send no referrer. |
| referrer_to_use = Referrer(); |
| |
| // Navigations in Web UI pages count as browser-initiated navigations. |
| is_renderer_initiated = false; |
| } |
| |
| if (is_renderer_initiated && |
| ShouldIgnoreIncomingRendererRequest( |
| render_frame_host->frame_tree_node()->navigation_request(), |
| has_user_gesture)) { |
| return; |
| } |
| |
| controller_->NavigateFromFrameProxy( |
| render_frame_host, url, initiator_routing_id, initiator_origin, |
| is_renderer_initiated, source_site_instance, referrer_to_use, |
| page_transition, should_replace_current_entry, download_policy, method, |
| post_body, extra_headers, std::move(blob_url_loader_factory), impression); |
| } |
| |
| void NavigatorImpl::BeforeUnloadCompleted(FrameTreeNode* frame_tree_node, |
| bool proceed, |
| const base::TimeTicks& proceed_time) { |
| DCHECK(frame_tree_node); |
| |
| NavigationRequest* navigation_request = frame_tree_node->navigation_request(); |
| |
| // The NavigationRequest may have been canceled while the renderer was |
| // executing the BeforeUnload event. |
| if (!navigation_request) |
| return; |
| |
| // If the user chose not to proceed, cancel the ongoing navigation. |
| // Note: it might be a new navigation, and not the one that triggered the |
| // sending of the BeforeUnload IPC in the first place. However, the |
| // BeforeUnload where the user asked not to proceed will have taken place |
| // after the navigation started. The last user input shoud be respected, and |
| // the navigation cancelled anyway. |
| if (!proceed) { |
| CancelNavigation(frame_tree_node); |
| return; |
| } |
| |
| // The browser-initiated NavigationRequest that triggered the sending of the |
| // BeforeUnload IPC might have been replaced by a renderer-initiated one while |
| // the BeforeUnload event executed in the renderer. In that case, the request |
| // will already have begun, so there is no need to start it again. |
| if (navigation_request->state() > |
| NavigationRequest::WAITING_FOR_RENDERER_RESPONSE) { |
| DCHECK(navigation_request->from_begin_navigation()); |
| return; |
| } |
| |
| // Update the navigation start: it should be when it was determined that the |
| // navigation will proceed. |
| navigation_request->set_navigation_start_time(proceed_time); |
| |
| DCHECK_EQ(NavigationRequest::WAITING_FOR_RENDERER_RESPONSE, |
| navigation_request->state()); |
| |
| // Send the request to the IO thread. |
| navigation_request->BeginNavigation(); |
| // DO NOT USE |navigation_request| BEYOND THIS POINT. It might have been |
| // destroyed in BeginNavigation(). |
| // See https://crbug.com/770157. |
| } |
| |
| void NavigatorImpl::OnBeginNavigation( |
| FrameTreeNode* frame_tree_node, |
| mojom::CommonNavigationParamsPtr common_params, |
| mojom::BeginNavigationParamsPtr begin_params, |
| scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory, |
| mojo::PendingAssociatedRemote<mojom::NavigationClient> navigation_client, |
| mojo::PendingRemote<blink::mojom::NavigationInitiator> navigation_initiator, |
| scoped_refptr<PrefetchedSignedExchangeCache> |
| prefetched_signed_exchange_cache, |
| std::unique_ptr<WebBundleHandleTracker> web_bundle_handle_tracker) { |
| // TODO(clamy): the url sent by the renderer should be validated with |
| // FilterURL. |
| // This is a renderer-initiated navigation. |
| DCHECK(frame_tree_node); |
| |
| if (common_params->is_history_navigation_in_new_child_frame) { |
| // Try to find a FrameNavigationEntry that matches this frame instead, based |
| // on the frame's unique name. If this can't be found, fall back to the |
| // default path below. |
| if (frame_tree_node->navigator()->StartHistoryNavigationInNewSubframe( |
| frame_tree_node->current_frame_host(), &navigation_client)) { |
| return; |
| } |
| } |
| |
| NavigationRequest* ongoing_navigation_request = |
| frame_tree_node->navigation_request(); |
| |
| // Client redirects during the initial history navigation of a child frame |
| // should take precedence over the history navigation (despite being renderer- |
| // initiated). See https://crbug.com/348447 and https://crbug.com/691168. |
| if (ongoing_navigation_request && |
| ongoing_navigation_request->common_params() |
| .is_history_navigation_in_new_child_frame) { |
| // Preemptively clear this local pointer before deleting the request. |
| ongoing_navigation_request = nullptr; |
| frame_tree_node->ResetNavigationRequest(false); |
| } |
| |
| // Verify this navigation has precedence. |
| if (ShouldIgnoreIncomingRendererRequest(ongoing_navigation_request, |
| common_params->has_user_gesture)) { |
| return; |
| } |
| |
| NavigationEntryImpl* navigation_entry = |
| GetNavigationEntryForRendererInitiatedNavigation(*common_params, |
| frame_tree_node); |
| const bool override_user_agent = |
| delegate_ && |
| delegate_->ShouldOverrideUserAgentForRendererInitiatedNavigation(); |
| frame_tree_node->CreatedNavigationRequest( |
| NavigationRequest::CreateRendererInitiated( |
| frame_tree_node, navigation_entry, std::move(common_params), |
| std::move(begin_params), controller_->GetLastCommittedEntryIndex(), |
| controller_->GetEntryCount(), override_user_agent, |
| std::move(blob_url_loader_factory), std::move(navigation_client), |
| std::move(navigation_initiator), |
| std::move(prefetched_signed_exchange_cache), |
| std::move(web_bundle_handle_tracker))); |
| NavigationRequest* navigation_request = frame_tree_node->navigation_request(); |
| |
| // This frame has already run beforeunload before it sent this IPC. See if |
| // any of its cross-process subframes also need to run beforeunload. If so, |
| // delay the navigation until beforeunload completion callbacks are invoked on |
| // those frames. |
| DCHECK(!NavigationTypeUtils::IsSameDocument( |
| navigation_request->common_params().navigation_type)); |
| bool should_dispatch_beforeunload = |
| frame_tree_node->current_frame_host()->ShouldDispatchBeforeUnload( |
| true /* check_subframes_only */); |
| if (should_dispatch_beforeunload) { |
| frame_tree_node->navigation_request()->SetWaitingForRendererResponse(); |
| frame_tree_node->current_frame_host()->DispatchBeforeUnload( |
| RenderFrameHostImpl::BeforeUnloadType::RENDERER_INITIATED_NAVIGATION, |
| NavigationTypeUtils::IsReload( |
| navigation_request->common_params().navigation_type)); |
| return; |
| } |
| |
| // For main frames, NavigationHandle will be created after the call to |
| // |DidStartMainFrameNavigation|, so it receives the most up to date pending |
| // entry from the NavigationController. |
| navigation_request->BeginNavigation(); |
| // DO NOT USE |navigation_request| BEYOND THIS POINT. It might have been |
| // destroyed in BeginNavigation(). |
| // See https://crbug.com/770157. |
| } |
| |
| void NavigatorImpl::RestartNavigationAsCrossDocument( |
| std::unique_ptr<NavigationRequest> navigation_request) { |
| FrameTreeNode* frame_tree_node = navigation_request->frame_tree_node(); |
| // Don't restart the navigation if there is already another ongoing navigation |
| // in the FrameTreeNode. |
| if (frame_tree_node->navigation_request()) |
| return; |
| |
| navigation_request->ResetForCrossDocumentRestart(); |
| frame_tree_node->CreatedNavigationRequest(std::move(navigation_request)); |
| frame_tree_node->navigation_request()->BeginNavigation(); |
| // DO NOT USE THE NAVIGATION REQUEST BEYOND THIS POINT. It might have been |
| // destroyed in BeginNavigation(). |
| // See https://crbug.com/770157. |
| } |
| |
| void NavigatorImpl::CancelNavigation(FrameTreeNode* frame_tree_node) { |
| if (frame_tree_node->navigation_request()) |
| frame_tree_node->navigation_request()->set_net_error(net::ERR_ABORTED); |
| frame_tree_node->ResetNavigationRequest(false); |
| if (frame_tree_node->IsMainFrame()) |
| navigation_data_.reset(); |
| } |
| |
| void NavigatorImpl::LogResourceRequestTime(base::TimeTicks timestamp, |
| const GURL& url) { |
| if (navigation_data_ && navigation_data_->url_ == url) { |
| navigation_data_->url_job_start_time_ = timestamp; |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart", |
| navigation_data_->url_job_start_time_ - navigation_data_->start_time_); |
| } |
| } |
| |
| void NavigatorImpl::LogBeforeUnloadTime( |
| const base::TimeTicks& renderer_before_unload_start_time, |
| const base::TimeTicks& renderer_before_unload_end_time) { |
| // Only stores the beforeunload delay if we're tracking a browser initiated |
| // navigation and it happened later than the navigation request. |
| if (navigation_data_ && |
| renderer_before_unload_start_time > navigation_data_->start_time_) { |
| navigation_data_->before_unload_delay_ = |
| renderer_before_unload_end_time - renderer_before_unload_start_time; |
| } |
| } |
| |
| void NavigatorImpl::RecordNavigationMetrics( |
| const LoadCommittedDetails& details, |
| const FrameHostMsg_DidCommitProvisionalLoad_Params& params, |
| SiteInstance* site_instance) { |
| DCHECK(site_instance->HasProcess()); |
| |
| if (!details.is_main_frame || !navigation_data_ || |
| navigation_data_->url_job_start_time_.is_null() || |
| navigation_data_->url_ != params.original_request_url) { |
| return; |
| } |
| |
| base::TimeDelta time_to_commit = |
| base::TimeTicks::Now() - navigation_data_->start_time_; |
| UMA_HISTOGRAM_TIMES("Navigation.TimeToCommit", time_to_commit); |
| |
| time_to_commit -= navigation_data_->before_unload_delay_; |
| base::TimeDelta time_to_network = navigation_data_->url_job_start_time_ - |
| navigation_data_->start_time_ - |
| navigation_data_->before_unload_delay_; |
| if (navigation_data_->is_restoring_from_last_session_) { |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToCommit_SessionRestored_BeforeUnloadDiscounted", |
| time_to_commit); |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart_SessionRestored_BeforeUnloadDiscounted", |
| time_to_network); |
| navigation_data_.reset(); |
| return; |
| } |
| bool navigation_created_new_renderer_process = |
| site_instance->GetProcess()->GetInitTimeForNavigationMetrics() > |
| navigation_data_->start_time_; |
| if (navigation_created_new_renderer_process) { |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToCommit_NewRenderer_BeforeUnloadDiscounted", |
| time_to_commit); |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart_NewRenderer_BeforeUnloadDiscounted", |
| time_to_network); |
| } else { |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToCommit_ExistingRenderer_BeforeUnloadDiscounted", |
| time_to_commit); |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart_ExistingRenderer_BeforeUnloadDiscounted", |
| time_to_network); |
| } |
| navigation_data_.reset(); |
| } |
| |
| NavigationEntryImpl* |
| NavigatorImpl::GetNavigationEntryForRendererInitiatedNavigation( |
| const mojom::CommonNavigationParams& common_params, |
| FrameTreeNode* frame_tree_node) { |
| if (!frame_tree_node->IsMainFrame()) |
| return nullptr; |
| |
| // If there is no browser-initiated pending entry for this navigation and it |
| // is not for the error URL, create a pending entry and ensure the address bar |
| // updates accordingly. We don't know the referrer or extra headers at this |
| // point, but the referrer will be set properly upon commit. This does not |
| // set the SiteInstance for the pending entry, because it may change |
| // before the URL commits. |
| NavigationEntryImpl* pending_entry = controller_->GetPendingEntry(); |
| bool has_browser_initiated_pending_entry = |
| pending_entry && !pending_entry->is_renderer_initiated(); |
| if (has_browser_initiated_pending_entry) |
| return nullptr; |
| |
| // A pending navigation entry is created in OnBeginNavigation(). The renderer |
| // sends a provisional load notification after that. We don't want to create |
| // a duplicate navigation entry here. |
| bool renderer_provisional_load_to_pending_url = |
| pending_entry && pending_entry->is_renderer_initiated() && |
| (pending_entry->GetURL() == common_params.url); |
| if (renderer_provisional_load_to_pending_url) |
| return nullptr; |
| |
| // If there is a transient entry, creating a new pending entry will result |
| // in deleting it, which leads to inconsistent state. |
| bool has_transient_entry = !!controller_->GetTransientEntry(); |
| if (has_transient_entry) |
| return nullptr; |
| |
| // Since GetNavigationEntryForRendererInitiatedNavigation is called from |
| // OnBeginNavigation, we can assume that no frame proxies are involved and |
| // therefore that |current_site_instance| is also the |source_site_instance|. |
| SiteInstance* current_site_instance = |
| frame_tree_node->current_frame_host()->GetSiteInstance(); |
| SiteInstance* source_site_instance = current_site_instance; |
| |
| std::unique_ptr<NavigationEntryImpl> entry = |
| NavigationEntryImpl::FromNavigationEntry( |
| NavigationControllerImpl::CreateNavigationEntry( |
| common_params.url, content::Referrer(), |
| common_params.initiator_origin, source_site_instance, |
| ui::PAGE_TRANSITION_LINK, true /* is_renderer_initiated */, |
| std::string() /* extra_headers */, |
| controller_->GetBrowserContext(), |
| nullptr /* blob_url_loader_factory */)); |
| |
| controller_->SetPendingEntry(std::move(entry)); |
| if (delegate_) |
| delegate_->NotifyChangedNavigationState(content::INVALIDATE_TYPE_URL); |
| |
| return controller_->GetPendingEntry(); |
| } |
| |
| } // namespace content |