GitLab

When there's an ongoing navigation, if the app loada a JavaScript URL we create
a temporary NavigationRequest in NavigatorImpl::RequestNavigation. However the
call to RenderFrameHostManager::GetFrameHostForNavigation was resetting the
speculative RFH of the original NavigationRequest since the site instance of a
JavaScript load is always the same as the existing frame.

This is a reland of r523264 with an extra fix to ensure that the RFH is
initialized.

Bug: 793432
Change-Id: I7a029d907f5c133c00ce096d9d733cb8194fcd43
Reviewed-on: https://chromium-review.googlesource.com/822970Reviewed-by: Nasko Oskov <nasko@chromium.org>
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#523489}