| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/browser/frame_host/navigator_impl.h" |
| |
| #include <utility> |
| |
| #include "base/logging.h" |
| #include "base/metrics/histogram_macros.h" |
| #include "base/strings/string_util.h" |
| #include "base/time/time.h" |
| #include "content/browser/child_process_security_policy_impl.h" |
| #include "content/browser/frame_host/debug_urls.h" |
| #include "content/browser/frame_host/frame_tree.h" |
| #include "content/browser/frame_host/frame_tree_node.h" |
| #include "content/browser/frame_host/navigation_controller_impl.h" |
| #include "content/browser/frame_host/navigation_entry_impl.h" |
| #include "content/browser/frame_host/navigation_request.h" |
| #include "content/browser/frame_host/navigation_request_info.h" |
| #include "content/browser/frame_host/navigator_delegate.h" |
| #include "content/browser/frame_host/render_frame_host_impl.h" |
| #include "content/browser/renderer_host/render_view_host_impl.h" |
| #include "content/browser/site_instance_impl.h" |
| #include "content/browser/web_package/bundled_exchanges_handle_tracker.h" |
| #include "content/browser/web_package/prefetched_signed_exchange_cache.h" |
| #include "content/browser/webui/web_ui_controller_factory_registry.h" |
| #include "content/browser/webui/web_ui_impl.h" |
| #include "content/common/frame_messages.h" |
| #include "content/common/navigation_params.h" |
| #include "content/common/navigation_params_utils.h" |
| #include "content/common/page_messages.h" |
| #include "content/common/view_messages.h" |
| #include "content/public/browser/browser_context.h" |
| #include "content/public/browser/content_browser_client.h" |
| #include "content/public/browser/global_request_id.h" |
| #include "content/public/browser/invalidate_type.h" |
| #include "content/public/browser/navigation_controller.h" |
| #include "content/public/browser/navigation_details.h" |
| #include "content/public/browser/page_navigator.h" |
| #include "content/public/browser/render_view_host.h" |
| #include "content/public/common/bindings_policy.h" |
| #include "content/public/common/content_client.h" |
| #include "content/public/common/content_constants.h" |
| #include "content/public/common/navigation_policy.h" |
| #include "content/public/common/url_utils.h" |
| #include "net/base/net_errors.h" |
| #include "services/network/public/cpp/resource_response.h" |
| #include "services/network/public/mojom/url_loader_factory.mojom.h" |
| #include "url/gurl.h" |
| #include "url/url_util.h" |
| |
| namespace content { |
| |
| namespace { |
| |
| // A renderer-initiated navigation should be ignored iff a) there is an ongoing |
| // request b) which is browser initiated and c) the renderer request is not |
| // user-initiated. |
| bool ShouldIgnoreIncomingRendererRequest( |
| NavigationRequest* ongoing_navigation_request, |
| bool has_user_gesture) { |
| return ongoing_navigation_request && |
| ongoing_navigation_request->browser_initiated() && !has_user_gesture; |
| } |
| |
| // Informs the RenderFrameImpl associated with the |frame_tree_node| that a |
| // navigation it started was dropped. |
| void DropNavigation(FrameTreeNode* frame_tree_node) { |
| if (!IsPerNavigationMojoInterfaceEnabled()) { |
| RenderFrameHost* current_frame_host = |
| frame_tree_node->render_manager()->current_frame_host(); |
| current_frame_host->Send( |
| new FrameMsg_DroppedNavigation(current_frame_host->GetRoutingID())); |
| } |
| } |
| |
| } // namespace |
| |
| struct NavigatorImpl::NavigationMetricsData { |
| NavigationMetricsData(base::TimeTicks start_time, |
| GURL url, |
| RestoreType restore_type) |
| : start_time_(start_time), url_(url) { |
| is_restoring_from_last_session_ = |
| (restore_type == RestoreType::LAST_SESSION_EXITED_CLEANLY || |
| restore_type == RestoreType::LAST_SESSION_CRASHED); |
| } |
| |
| base::TimeTicks start_time_; |
| GURL url_; |
| bool is_restoring_from_last_session_; |
| base::TimeTicks url_job_start_time_; |
| base::TimeDelta before_unload_delay_; |
| }; |
| |
| NavigatorImpl::NavigatorImpl(NavigationControllerImpl* navigation_controller, |
| NavigatorDelegate* delegate) |
| : controller_(navigation_controller), delegate_(delegate) {} |
| |
| NavigatorImpl::~NavigatorImpl() {} |
| |
| // static |
| void NavigatorImpl::CheckWebUIRendererDoesNotDisplayNormalURL( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url) { |
| int enabled_bindings = render_frame_host->GetEnabledBindings(); |
| bool is_allowed_in_web_ui_renderer = |
| WebUIControllerFactoryRegistry::GetInstance()->IsURLAcceptableForWebUI( |
| render_frame_host->frame_tree_node() |
| ->navigator() |
| ->GetController() |
| ->GetBrowserContext(), |
| url); |
| if ((enabled_bindings & kWebUIBindingsPolicyMask) && |
| !is_allowed_in_web_ui_renderer) { |
| // Log the URL to help us diagnose any future failures of this CHECK. |
| FrameTreeNode* root_node = |
| render_frame_host->frame_tree_node()->frame_tree()->root(); |
| GetContentClient()->SetActiveURL( |
| url, root_node->current_url().possibly_invalid_spec()); |
| CHECK(0); |
| } |
| } |
| |
| NavigatorDelegate* NavigatorImpl::GetDelegate() { |
| return delegate_; |
| } |
| |
| NavigationController* NavigatorImpl::GetController() { |
| return controller_; |
| } |
| |
| void NavigatorImpl::DidFailProvisionalLoadWithError( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| int error_code, |
| const base::string16& error_description, |
| bool showing_repost_interstitial) { |
| VLOG(1) << "Failed Provisional Load: " << url.possibly_invalid_spec() |
| << ", error_code: " << error_code |
| << ", error_description: " << error_description |
| << ", showing_repost_interstitial: " << showing_repost_interstitial |
| << ", frame_id: " << render_frame_host->GetRoutingID(); |
| GURL validated_url(url); |
| RenderProcessHost* render_process_host = render_frame_host->GetProcess(); |
| render_process_host->FilterURL(false, &validated_url); |
| |
| if (net::ERR_ABORTED == error_code) { |
| // EVIL HACK ALERT! Ignore failed loads when we're showing interstitials. |
| // This means that the interstitial won't be torn down properly, which is |
| // bad. But if we have an interstitial, go back to another tab type, and |
| // then load the same interstitial again, we could end up getting the first |
| // interstitial's "failed" message (as a result of the cancel) when we're on |
| // the second one. We can't tell this apart, so we think we're tearing down |
| // the current page which will cause a crash later on. |
| // |
| // http://code.google.com/p/chromium/issues/detail?id=2855 |
| // Because this will not tear down the interstitial properly, if "back" is |
| // back to another tab type, the interstitial will still be somewhat alive |
| // in the previous tab type. If you navigate somewhere that activates the |
| // tab with the interstitial again, you'll see a flash before the new load |
| // commits of the interstitial page. |
| if (delegate_ && delegate_->ShowingInterstitialPage()) { |
| LOG(WARNING) << "Discarding message during interstitial."; |
| return; |
| } |
| |
| // We used to cancel the pending renderer here for cross-site downloads. |
| // However, it's not safe to do that because the download logic repeatedly |
| // looks for this WebContents based on a render ID. Instead, we just |
| // leave the pending renderer around until the next navigation event |
| // (Navigate, DidNavigate, etc), which will clean it up properly. |
| // |
| // TODO(creis): Find a way to cancel any pending RFH here. |
| } |
| |
| // Discard the pending navigation entry if needed. |
| NavigationRequest* request = render_frame_host->navigation_request(); |
| if (request) |
| request->DropPendingEntryRef(); |
| } |
| |
| void NavigatorImpl::DidFailLoadWithError( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| int error_code, |
| const base::string16& error_description) { |
| if (delegate_) { |
| delegate_->DidFailLoadWithError(render_frame_host, url, error_code, |
| error_description); |
| } |
| } |
| |
| bool NavigatorImpl::StartHistoryNavigationInNewSubframe( |
| RenderFrameHostImpl* render_frame_host, |
| mojo::PendingAssociatedRemote<mojom::NavigationClient>* navigation_client) { |
| return controller_->StartHistoryNavigationInNewSubframe(render_frame_host, |
| navigation_client); |
| } |
| |
| void NavigatorImpl::DidNavigate( |
| RenderFrameHostImpl* render_frame_host, |
| const FrameHostMsg_DidCommitProvisionalLoad_Params& params, |
| std::unique_ptr<NavigationRequest> navigation_request, |
| bool was_within_same_document) { |
| DCHECK(navigation_request); |
| FrameTreeNode* frame_tree_node = render_frame_host->frame_tree_node(); |
| FrameTree* frame_tree = frame_tree_node->frame_tree(); |
| |
| bool is_same_document_navigation = controller_->IsURLSameDocumentNavigation( |
| params.url, params.origin, was_within_same_document, render_frame_host); |
| |
| // If a frame claims the navigation was same-document, it must be the current |
| // frame, not a pending one. |
| if (is_same_document_navigation && |
| render_frame_host != |
| frame_tree_node->render_manager()->current_frame_host()) { |
| bad_message::ReceivedBadMessage(render_frame_host->GetProcess(), |
| bad_message::NI_IN_PAGE_NAVIGATION); |
| is_same_document_navigation = false; |
| } |
| |
| if (ui::PageTransitionIsMainFrame(params.transition)) { |
| if (delegate_) { |
| // Run tasks that must execute just before the commit. |
| delegate_->DidNavigateMainFramePreCommit(is_same_document_navigation); |
| } |
| } |
| |
| // DidNavigateFrame() must be called before replicating the new origin and |
| // other properties to proxies. This is because it destroys the subframes of |
| // the frame we're navigating from, which might trigger those subframes to |
| // run unload handlers. Those unload handlers should still see the old |
| // frame's origin. See https://crbug.com/825283. |
| frame_tree_node->render_manager()->DidNavigateFrame( |
| render_frame_host, params.gesture == NavigationGestureUser, |
| is_same_document_navigation); |
| |
| // Save the new page's origin and other properties, and replicate them to |
| // proxies, including the proxy created in DidNavigateFrame() to replace the |
| // old frame in cross-process navigation cases. |
| frame_tree_node->SetCurrentOrigin( |
| params.origin, params.has_potentially_trustworthy_unique_origin); |
| frame_tree_node->SetInsecureRequestPolicy(params.insecure_request_policy); |
| frame_tree_node->SetInsecureNavigationsSet(params.insecure_navigations_set); |
| |
| // Save the activation status of the previous page here before it gets reset |
| // in FrameTreeNode::ResetForNavigation. |
| bool previous_document_was_activated = frame_tree->root()->HasBeenActivated(); |
| |
| // Navigating to a new location means a new, fresh set of http headers and/or |
| // <meta> elements - we need to reset CSP and Feature Policy. |
| if (!is_same_document_navigation) { |
| render_frame_host->ResetContentSecurityPolicies(); |
| frame_tree_node->ResetForNavigation(); |
| } |
| |
| // Update the site of the SiteInstance if it doesn't have one yet, unless |
| // assigning a site is not necessary for this URL. In that case, the |
| // SiteInstance can still be considered unused until a navigation to a real |
| // page. |
| SiteInstanceImpl* site_instance = render_frame_host->GetSiteInstance(); |
| if (!site_instance->HasSite() && |
| SiteInstanceImpl::ShouldAssignSiteForURL(params.url)) { |
| site_instance->ConvertToDefaultOrSetSite(params.url); |
| } |
| |
| // Need to update MIME type here because it's referred to in |
| // UpdateNavigationCommands() called by RendererDidNavigate() to |
| // determine whether or not to enable the encoding menu. |
| // It's updated only for the main frame. For a subframe, |
| // RenderView::UpdateURL does not set params.contents_mime_type. |
| // (see http://code.google.com/p/chromium/issues/detail?id=2929 ) |
| // TODO(jungshik): Add a test for the encoding menu to avoid |
| // regressing it again. |
| // TODO(nasko): Verify the correctness of the above comment, since some of the |
| // code doesn't exist anymore. Also, move this code in the |
| // PageTransitionIsMainFrame code block above. |
| if (ui::PageTransitionIsMainFrame(params.transition) && delegate_) |
| delegate_->SetMainFrameMimeType(params.contents_mime_type); |
| |
| int old_entry_count = controller_->GetEntryCount(); |
| LoadCommittedDetails details; |
| bool did_navigate = controller_->RendererDidNavigate( |
| render_frame_host, params, &details, is_same_document_navigation, |
| previous_document_was_activated, navigation_request.get()); |
| |
| // If the history length and/or offset changed, update other renderers in the |
| // FrameTree. |
| if (old_entry_count != controller_->GetEntryCount() || |
| details.previous_entry_index != |
| controller_->GetLastCommittedEntryIndex()) { |
| frame_tree->root()->render_manager()->SendPageMessage( |
| new PageMsg_SetHistoryOffsetAndLength( |
| MSG_ROUTING_NONE, controller_->GetLastCommittedEntryIndex(), |
| controller_->GetEntryCount()), |
| site_instance); |
| } |
| |
| render_frame_host->DidNavigate(params, is_same_document_navigation); |
| |
| // Send notification about committed provisional loads. This notification is |
| // different from the NAV_ENTRY_COMMITTED notification which doesn't include |
| // the actual URL navigated to and isn't sent for AUTO_SUBFRAME navigations. |
| if (details.type != NAVIGATION_TYPE_NAV_IGNORE && delegate_) { |
| DCHECK_EQ(!render_frame_host->GetParent(), |
| did_navigate ? details.is_main_frame : false); |
| navigation_request->DidCommitNavigation(params, did_navigate, |
| details.did_replace_entry, |
| details.previous_url, details.type); |
| navigation_request.reset(); |
| } |
| |
| if (!did_navigate) |
| return; // No navigation happened. |
| |
| // DO NOT ADD MORE STUFF TO THIS FUNCTION! Your component should either listen |
| // for the appropriate notification (best) or you can add it to |
| // DidNavigateMainFramePostCommit / DidNavigateAnyFramePostCommit (only if |
| // necessary, please). |
| |
| // TODO(carlosk): Move this out. |
| RecordNavigationMetrics(details, params, site_instance); |
| |
| // Run post-commit tasks. |
| if (delegate_) { |
| if (details.is_main_frame) { |
| delegate_->DidNavigateMainFramePostCommit(render_frame_host, details, |
| params); |
| } |
| |
| delegate_->DidNavigateAnyFramePostCommit(render_frame_host, details, |
| params); |
| } |
| } |
| |
| void NavigatorImpl::Navigate(std::unique_ptr<NavigationRequest> request, |
| ReloadType reload_type, |
| RestoreType restore_type) { |
| TRACE_EVENT0("browser,navigation", "NavigatorImpl::Navigate"); |
| TRACE_EVENT_INSTANT_WITH_TIMESTAMP0( |
| "navigation,rail", "NavigationTiming navigationStart", |
| TRACE_EVENT_SCOPE_GLOBAL, request->common_params().navigation_start); |
| |
| const GURL& dest_url = request->common_params().url; |
| FrameTreeNode* frame_tree_node = request->frame_tree_node(); |
| |
| navigation_data_.reset(new NavigationMetricsData( |
| request->common_params().navigation_start, dest_url, restore_type)); |
| |
| // Check if the BeforeUnload event needs to execute before assigning the |
| // NavigationRequest to the FrameTreeNode. Assigning it to the FrameTreeNode |
| // has the side effect of initializing the current RenderFrameHost, which will |
| // return that it should execute the BeforeUnload event (even though we don't |
| // need to wait for it in the case of a brand new RenderFrameHost). |
| // |
| // We don't want to dispatch a beforeunload handler if |
| // is_history_navigation_in_new_child is true. This indicates a newly created |
| // child frame which does not have a beforeunload handler. |
| bool should_dispatch_beforeunload = |
| !NavigationTypeUtils::IsSameDocument( |
| request->common_params().navigation_type) && |
| !request->common_params().is_history_navigation_in_new_child_frame && |
| frame_tree_node->current_frame_host()->ShouldDispatchBeforeUnload( |
| false /* check_subframes_only */); |
| |
| int nav_entry_id = request->nav_entry_id(); |
| bool is_pending_entry = |
| controller_->GetPendingEntry() && |
| (nav_entry_id == controller_->GetPendingEntry()->GetUniqueID()); |
| frame_tree_node->CreatedNavigationRequest(std::move(request)); |
| DCHECK(frame_tree_node->navigation_request()); |
| |
| // Have the current renderer execute its beforeunload event if needed. If it |
| // is not needed then NavigationRequest::BeginNavigation should be directly |
| // called instead. |
| if (should_dispatch_beforeunload) { |
| frame_tree_node->navigation_request()->SetWaitingForRendererResponse(); |
| frame_tree_node->current_frame_host()->DispatchBeforeUnload( |
| RenderFrameHostImpl::BeforeUnloadType::BROWSER_INITIATED_NAVIGATION, |
| reload_type != ReloadType::NONE); |
| } else { |
| frame_tree_node->navigation_request()->BeginNavigation(); |
| // WARNING: The NavigationRequest might have been destroyed in |
| // BeginNavigation(). Do not use |frame_tree_node->navigation_request()| |
| // after this point without null checking it first. |
| } |
| |
| // Make sure no code called via RFH::Navigate clears the pending entry. |
| if (is_pending_entry) |
| CHECK_EQ(nav_entry_id, controller_->GetPendingEntry()->GetUniqueID()); |
| |
| // Notify observers about navigation. |
| if (delegate_ && is_pending_entry) |
| delegate_->DidStartNavigationToPendingEntry(dest_url, reload_type); |
| } |
| |
| void NavigatorImpl::RequestOpenURL( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| const base::Optional<url::Origin>& initiator_origin, |
| bool uses_post, |
| const scoped_refptr<network::ResourceRequestBody>& body, |
| const std::string& extra_headers, |
| const Referrer& referrer, |
| WindowOpenDisposition disposition, |
| bool should_replace_current_entry, |
| bool user_gesture, |
| blink::WebTriggeringEventInfo triggering_event_info, |
| const std::string& href_translate, |
| scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory) { |
| // Note: This can be called for subframes (even when OOPIFs are not possible) |
| // if the disposition calls for a different window. |
| |
| // Only the current RenderFrameHost should be sending an OpenURL request. |
| // Pending RenderFrameHost should know where it is navigating and pending |
| // deletion RenderFrameHost shouldn't be trying to navigate. |
| if (render_frame_host != |
| render_frame_host->frame_tree_node()->current_frame_host()) { |
| return; |
| } |
| |
| SiteInstance* current_site_instance = render_frame_host->GetSiteInstance(); |
| |
| // TODO(creis): Pass the redirect_chain into this method to support client |
| // redirects. http://crbug.com/311721. |
| std::vector<GURL> redirect_chain; |
| |
| int frame_tree_node_id = -1; |
| |
| // Send the navigation to the current FrameTreeNode if it's destined for a |
| // subframe in the current tab. We'll assume it's for the main frame |
| // (possibly of a new or different WebContents) otherwise. |
| if (disposition == WindowOpenDisposition::CURRENT_TAB && |
| render_frame_host->GetParent()) { |
| frame_tree_node_id = |
| render_frame_host->frame_tree_node()->frame_tree_node_id(); |
| } |
| |
| OpenURLParams params(url, referrer, frame_tree_node_id, disposition, |
| ui::PAGE_TRANSITION_LINK, |
| true /* is_renderer_initiated */); |
| params.uses_post = uses_post; |
| params.post_data = body; |
| params.extra_headers = extra_headers; |
| if (redirect_chain.size() > 0) |
| params.redirect_chain = redirect_chain; |
| params.should_replace_current_entry = should_replace_current_entry; |
| params.user_gesture = user_gesture; |
| params.triggering_event_info = triggering_event_info; |
| params.initiator_origin = initiator_origin; |
| |
| // RequestOpenURL is used only for local frames, so we can get here only if |
| // the navigation is initiated by a frame in the same SiteInstance as this |
| // frame. Note that navigations on RenderFrameProxies do not use |
| // RequestOpenURL and go through NavigateFromFrameProxy instead. |
| params.source_site_instance = current_site_instance; |
| |
| params.source_render_frame_id = render_frame_host->GetRoutingID(); |
| params.source_render_process_id = render_frame_host->GetProcess()->GetID(); |
| |
| if (render_frame_host->web_ui()) { |
| // Note that we hide the referrer for Web UI pages. We don't really want |
| // web sites to see a referrer of "chrome://blah" (and some chrome: URLs |
| // might have search terms or other stuff we don't want to send to the |
| // site), so we send no referrer. |
| params.referrer = Referrer(); |
| |
| // Navigations in Web UI pages count as browser-initiated navigations. |
| params.is_renderer_initiated = false; |
| } |
| |
| params.blob_url_loader_factory = std::move(blob_url_loader_factory); |
| params.href_translate = href_translate; |
| |
| GetContentClient()->browser()->OverrideNavigationParams( |
| current_site_instance, ¶ms.transition, ¶ms.is_renderer_initiated, |
| ¶ms.referrer, ¶ms.initiator_origin); |
| |
| if (delegate_) |
| delegate_->OpenURL(params); |
| } |
| |
| void NavigatorImpl::NavigateFromFrameProxy( |
| RenderFrameHostImpl* render_frame_host, |
| const GURL& url, |
| const url::Origin& initiator_origin, |
| SiteInstance* source_site_instance, |
| const Referrer& referrer, |
| ui::PageTransition page_transition, |
| bool should_replace_current_entry, |
| NavigationDownloadPolicy download_policy, |
| const std::string& method, |
| scoped_refptr<network::ResourceRequestBody> post_body, |
| const std::string& extra_headers, |
| scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory, |
| bool has_user_gesture) { |
| // |method != "POST"| should imply absence of |post_body|. |
| if (method != "POST" && post_body) { |
| NOTREACHED(); |
| post_body = nullptr; |
| } |
| |
| // Allow the delegate to cancel the transfer. |
| if (!delegate_->ShouldTransferNavigation( |
| render_frame_host->frame_tree_node()->IsMainFrame())) |
| return; |
| |
| // TODO(creis): Determine if this transfer started as a browser-initiated |
| // navigation. See https://crbug.com/495161. |
| bool is_renderer_initiated = true; |
| Referrer referrer_to_use(referrer); |
| if (render_frame_host->web_ui()) { |
| // Note that we hide the referrer for Web UI pages. We don't really want |
| // web sites to see a referrer of "chrome://blah" (and some chrome: URLs |
| // might have search terms or other stuff we don't want to send to the |
| // site), so we send no referrer. |
| referrer_to_use = Referrer(); |
| |
| // Navigations in Web UI pages count as browser-initiated navigations. |
| is_renderer_initiated = false; |
| } |
| |
| if (is_renderer_initiated && |
| ShouldIgnoreIncomingRendererRequest( |
| render_frame_host->frame_tree_node()->navigation_request(), |
| has_user_gesture)) { |
| return; |
| } |
| |
| SiteInstance* current_site_instance = render_frame_host->GetSiteInstance(); |
| base::Optional<url::Origin> final_initiator_origin = initiator_origin; |
| GetContentClient()->browser()->OverrideNavigationParams( |
| current_site_instance, &page_transition, &is_renderer_initiated, |
| &referrer_to_use, &final_initiator_origin); |
| |
| controller_->NavigateFromFrameProxy( |
| render_frame_host, url, final_initiator_origin, is_renderer_initiated, |
| source_site_instance, referrer_to_use, page_transition, |
| should_replace_current_entry, download_policy, method, post_body, |
| extra_headers, std::move(blob_url_loader_factory)); |
| } |
| |
| void NavigatorImpl::OnBeforeUnloadACK(FrameTreeNode* frame_tree_node, |
| bool proceed, |
| const base::TimeTicks& proceed_time) { |
| DCHECK(frame_tree_node); |
| |
| NavigationRequest* navigation_request = frame_tree_node->navigation_request(); |
| |
| // The NavigationRequest may have been canceled while the renderer was |
| // executing the BeforeUnload event. |
| if (!navigation_request) |
| return; |
| |
| // If the user chose not to proceed, cancel the ongoing navigation. |
| // Note: it might be a new navigation, and not the one that triggered the |
| // sending of the BeforeUnload IPC in the first place. However, the |
| // BeforeUnload where the user asked not to proceed will have taken place |
| // after the navigation started. The last user input shoud be respected, and |
| // the navigation cancelled anyway. |
| if (!proceed) { |
| CancelNavigation(frame_tree_node, true); |
| return; |
| } |
| |
| // The browser-initiated NavigationRequest that triggered the sending of the |
| // BeforeUnload IPC might have been replaced by a renderer-initiated one while |
| // the BeforeUnload event executed in the renderer. In that case, the request |
| // will already have begun, so there is no need to start it again. |
| if (navigation_request->state() > |
| NavigationRequest::WAITING_FOR_RENDERER_RESPONSE) { |
| DCHECK(navigation_request->from_begin_navigation()); |
| return; |
| } |
| |
| // Update the navigation start: it should be when it was determined that the |
| // navigation will proceed. |
| navigation_request->set_navigation_start_time(proceed_time); |
| |
| DCHECK_EQ(NavigationRequest::WAITING_FOR_RENDERER_RESPONSE, |
| navigation_request->state()); |
| |
| // Send the request to the IO thread. |
| navigation_request->BeginNavigation(); |
| // DO NOT USE |navigation_request| BEYOND THIS POINT. It might have been |
| // destroyed in BeginNavigation(). |
| // See https://crbug.com/770157. |
| } |
| |
| void NavigatorImpl::OnBeginNavigation( |
| FrameTreeNode* frame_tree_node, |
| mojom::CommonNavigationParamsPtr common_params, |
| mojom::BeginNavigationParamsPtr begin_params, |
| scoped_refptr<network::SharedURLLoaderFactory> blob_url_loader_factory, |
| mojo::PendingAssociatedRemote<mojom::NavigationClient> navigation_client, |
| mojo::PendingRemote<blink::mojom::NavigationInitiator> navigation_initiator, |
| scoped_refptr<PrefetchedSignedExchangeCache> |
| prefetched_signed_exchange_cache, |
| std::unique_ptr<BundledExchangesHandleTracker> |
| bundled_exchanges_handle_tracker) { |
| // TODO(clamy): the url sent by the renderer should be validated with |
| // FilterURL. |
| // This is a renderer-initiated navigation. |
| DCHECK(frame_tree_node); |
| |
| if (common_params->is_history_navigation_in_new_child_frame) { |
| // Try to find a FrameNavigationEntry that matches this frame instead, based |
| // on the frame's unique name. If this can't be found, fall back to the |
| // default path below. |
| if (frame_tree_node->navigator()->StartHistoryNavigationInNewSubframe( |
| frame_tree_node->current_frame_host(), &navigation_client)) { |
| return; |
| } |
| } |
| |
| NavigationRequest* ongoing_navigation_request = |
| frame_tree_node->navigation_request(); |
| |
| // Client redirects during the initial history navigation of a child frame |
| // should take precedence over the history navigation (despite being renderer- |
| // initiated). See https://crbug.com/348447 and https://crbug.com/691168. |
| if (ongoing_navigation_request && |
| ongoing_navigation_request->common_params() |
| .is_history_navigation_in_new_child_frame) { |
| // Preemptively clear this local pointer before deleting the request. |
| ongoing_navigation_request = nullptr; |
| frame_tree_node->ResetNavigationRequest(false, true); |
| } |
| |
| // Verify this navigation has precedence. |
| if (ShouldIgnoreIncomingRendererRequest(ongoing_navigation_request, |
| common_params->has_user_gesture)) { |
| DropNavigation(frame_tree_node); |
| return; |
| } |
| |
| NavigationEntryImpl* navigation_entry = |
| GetNavigationEntryForRendererInitiatedNavigation(*common_params, |
| frame_tree_node); |
| NavigationEntryImpl* current_entry = controller_->GetLastCommittedEntry(); |
| if (current_entry && common_params->url == current_entry->GetReferrer().url) { |
| // Looks like a potential client redirect loop. Turn off any preview |
| // interventions in case they are at fault. Motivated by crbug.com/987062 |
| common_params->previews_state = PREVIEWS_OFF; |
| UMA_HISTOGRAM_BOOLEAN("Navigation.ClientRedirectCycle.RedirectToReferrer", |
| true); |
| } |
| |
| // Only consult the delegate for override state if there is no current entry, |
| // since that state should only apply to newly created tabs (and not cases |
| // where the NavigationEntry recorded the state). |
| bool override_user_agent = |
| current_entry |
| ? current_entry->GetIsOverridingUserAgent() |
| : delegate_ && delegate_->ShouldOverrideUserAgentInNewTabs(); |
| frame_tree_node->CreatedNavigationRequest( |
| NavigationRequest::CreateRendererInitiated( |
| frame_tree_node, navigation_entry, std::move(common_params), |
| std::move(begin_params), controller_->GetLastCommittedEntryIndex(), |
| controller_->GetEntryCount(), override_user_agent, |
| std::move(blob_url_loader_factory), std::move(navigation_client), |
| std::move(navigation_initiator), |
| std::move(prefetched_signed_exchange_cache), |
| std::move(bundled_exchanges_handle_tracker))); |
| NavigationRequest* navigation_request = frame_tree_node->navigation_request(); |
| |
| // This frame has already run beforeunload before it sent this IPC. See if |
| // any of its cross-process subframes also need to run beforeunload. If so, |
| // delay the navigation until receiving beforeunload ACKs from those frames. |
| DCHECK(!NavigationTypeUtils::IsSameDocument( |
| navigation_request->common_params().navigation_type)); |
| bool should_dispatch_beforeunload = |
| frame_tree_node->current_frame_host()->ShouldDispatchBeforeUnload( |
| true /* check_subframes_only */); |
| if (should_dispatch_beforeunload) { |
| frame_tree_node->navigation_request()->SetWaitingForRendererResponse(); |
| frame_tree_node->current_frame_host()->DispatchBeforeUnload( |
| RenderFrameHostImpl::BeforeUnloadType::RENDERER_INITIATED_NAVIGATION, |
| NavigationTypeUtils::IsReload( |
| navigation_request->common_params().navigation_type)); |
| return; |
| } |
| |
| // For main frames, NavigationHandle will be created after the call to |
| // |DidStartMainFrameNavigation|, so it receives the most up to date pending |
| // entry from the NavigationController. |
| navigation_request->BeginNavigation(); |
| // DO NOT USE |navigation_request| BEYOND THIS POINT. It might have been |
| // destroyed in BeginNavigation(). |
| // See https://crbug.com/770157. |
| } |
| |
| void NavigatorImpl::RestartNavigationAsCrossDocument( |
| std::unique_ptr<NavigationRequest> navigation_request) { |
| FrameTreeNode* frame_tree_node = navigation_request->frame_tree_node(); |
| // Don't restart the navigation if there is already another ongoing navigation |
| // in the FrameTreeNode. |
| if (frame_tree_node->navigation_request()) |
| return; |
| |
| navigation_request->ResetForCrossDocumentRestart(); |
| frame_tree_node->CreatedNavigationRequest(std::move(navigation_request)); |
| frame_tree_node->navigation_request()->BeginNavigation(); |
| // DO NOT USE THE NAVIGATION REQUEST BEYOND THIS POINT. It might have been |
| // destroyed in BeginNavigation(). |
| // See https://crbug.com/770157. |
| } |
| |
| void NavigatorImpl::OnAbortNavigation(FrameTreeNode* frame_tree_node) { |
| DCHECK(!IsPerNavigationMojoInterfaceEnabled()); |
| NavigationRequest* ongoing_navigation_request = |
| frame_tree_node->navigation_request(); |
| if (!ongoing_navigation_request || |
| ongoing_navigation_request->browser_initiated()) { |
| return; |
| } |
| |
| // Abort the renderer-initiated navigation request. |
| CancelNavigation(frame_tree_node, false); |
| } |
| |
| void NavigatorImpl::CancelNavigation(FrameTreeNode* frame_tree_node, |
| bool inform_renderer) { |
| if (frame_tree_node->navigation_request()) |
| frame_tree_node->navigation_request()->set_net_error(net::ERR_ABORTED); |
| frame_tree_node->ResetNavigationRequest(false, inform_renderer); |
| if (frame_tree_node->IsMainFrame()) |
| navigation_data_.reset(); |
| } |
| |
| void NavigatorImpl::LogResourceRequestTime(base::TimeTicks timestamp, |
| const GURL& url) { |
| if (navigation_data_ && navigation_data_->url_ == url) { |
| navigation_data_->url_job_start_time_ = timestamp; |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart", |
| navigation_data_->url_job_start_time_ - navigation_data_->start_time_); |
| } |
| } |
| |
| void NavigatorImpl::LogBeforeUnloadTime( |
| const base::TimeTicks& renderer_before_unload_start_time, |
| const base::TimeTicks& renderer_before_unload_end_time) { |
| // Only stores the beforeunload delay if we're tracking a browser initiated |
| // navigation and it happened later than the navigation request. |
| if (navigation_data_ && |
| renderer_before_unload_start_time > navigation_data_->start_time_) { |
| navigation_data_->before_unload_delay_ = |
| renderer_before_unload_end_time - renderer_before_unload_start_time; |
| } |
| } |
| |
| void NavigatorImpl::RecordNavigationMetrics( |
| const LoadCommittedDetails& details, |
| const FrameHostMsg_DidCommitProvisionalLoad_Params& params, |
| SiteInstance* site_instance) { |
| DCHECK(site_instance->HasProcess()); |
| |
| if (!details.is_main_frame || !navigation_data_ || |
| navigation_data_->url_job_start_time_.is_null() || |
| navigation_data_->url_ != params.original_request_url) { |
| return; |
| } |
| |
| base::TimeDelta time_to_commit = |
| base::TimeTicks::Now() - navigation_data_->start_time_; |
| UMA_HISTOGRAM_TIMES("Navigation.TimeToCommit", time_to_commit); |
| |
| time_to_commit -= navigation_data_->before_unload_delay_; |
| base::TimeDelta time_to_network = navigation_data_->url_job_start_time_ - |
| navigation_data_->start_time_ - |
| navigation_data_->before_unload_delay_; |
| if (navigation_data_->is_restoring_from_last_session_) { |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToCommit_SessionRestored_BeforeUnloadDiscounted", |
| time_to_commit); |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart_SessionRestored_BeforeUnloadDiscounted", |
| time_to_network); |
| navigation_data_.reset(); |
| return; |
| } |
| bool navigation_created_new_renderer_process = |
| site_instance->GetProcess()->GetInitTimeForNavigationMetrics() > |
| navigation_data_->start_time_; |
| if (navigation_created_new_renderer_process) { |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToCommit_NewRenderer_BeforeUnloadDiscounted", |
| time_to_commit); |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart_NewRenderer_BeforeUnloadDiscounted", |
| time_to_network); |
| } else { |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToCommit_ExistingRenderer_BeforeUnloadDiscounted", |
| time_to_commit); |
| UMA_HISTOGRAM_TIMES( |
| "Navigation.TimeToURLJobStart_ExistingRenderer_BeforeUnloadDiscounted", |
| time_to_network); |
| } |
| navigation_data_.reset(); |
| } |
| |
| NavigationEntryImpl* |
| NavigatorImpl::GetNavigationEntryForRendererInitiatedNavigation( |
| const mojom::CommonNavigationParams& common_params, |
| FrameTreeNode* frame_tree_node) { |
| if (!frame_tree_node->IsMainFrame()) |
| return nullptr; |
| |
| // If there is no browser-initiated pending entry for this navigation and it |
| // is not for the error URL, create a pending entry and ensure the address bar |
| // updates accordingly. We don't know the referrer or extra headers at this |
| // point, but the referrer will be set properly upon commit. This does not |
| // set the SiteInstance for the pending entry, because it may change |
| // before the URL commits. |
| NavigationEntryImpl* pending_entry = controller_->GetPendingEntry(); |
| bool has_browser_initiated_pending_entry = |
| pending_entry && !pending_entry->is_renderer_initiated(); |
| if (has_browser_initiated_pending_entry) |
| return nullptr; |
| |
| // A pending navigation entry is created in OnBeginNavigation(). The renderer |
| // sends a provisional load notification after that. We don't want to create |
| // a duplicate navigation entry here. |
| bool renderer_provisional_load_to_pending_url = |
| pending_entry && pending_entry->is_renderer_initiated() && |
| (pending_entry->GetURL() == common_params.url); |
| if (renderer_provisional_load_to_pending_url) |
| return nullptr; |
| |
| // If there is a transient entry, creating a new pending entry will result |
| // in deleting it, which leads to inconsistent state. |
| bool has_transient_entry = !!controller_->GetTransientEntry(); |
| if (has_transient_entry) |
| return nullptr; |
| |
| std::unique_ptr<NavigationEntryImpl> entry = |
| NavigationEntryImpl::FromNavigationEntry( |
| NavigationController::CreateNavigationEntry( |
| common_params.url, content::Referrer(), |
| common_params.initiator_origin, ui::PAGE_TRANSITION_LINK, |
| true /* is_renderer_initiated */, std::string(), |
| controller_->GetBrowserContext(), |
| nullptr /* blob_url_loader_factory */)); |
| |
| controller_->SetPendingEntry(std::move(entry)); |
| if (delegate_) |
| delegate_->NotifyChangedNavigationState(content::INVALIDATE_TYPE_URL); |
| |
| return controller_->GetPendingEntry(); |
| } |
| |
| } // namespace content |