• Allow non-WebUI navigations in single-process mode · 8a5d9397
    Paul Miller authored
    WebUINavigationThrottle blocks WebUI (chrome://...) pages from loading
    non-WebUI pages in subframes.
    
    When a renderer navigates to a WebUI page, a "WebUI bindings" bit is set
    in that renderer's ChildProcessSecurityPolicyImpl::SecurityState, and it
    remains for the lifetime of the renderer process.
    WebUINavigationThrottles are created for renderers with this bit set.
    
    In multi-process mode, navigating away from the WebUI page creates a
    fresh renderer with a fresh SecurityState, so subsequent non-WebUI pages
    are again able to load non-WebUI subframes.
    
    In single-process mode, the WebUI bit remains. After visiting a WebUI
    page, iframes on all other pages will be broken until Chrome is
    restarted.
    
    This breaks Android WebView as well, since WebView uses single-process
    on old Android versions and low-memory devices. It breaks CTS because
    testOnSafeBrowsingHit loads chrome://safe-browsing/match?type=malware,
    which sets the bit, and then testShouldOverrideUrlLoadingOnCreateWindow
    tries to use an iframe.
    
    Fix this by not creating a WebUINavigationThrottle in single-process
    mode.
    
    BUG=924799
    
    Change-Id: I5a61f45dc065681f0e6b97e0b205e804edbd7402
    Reviewed-on: https://chromium-review.googlesource.com/c/1432953
    Commit-Queue: Paul Miller <paulmiller@chromium.org>
    Reviewed-by: Nasko Oskov <nasko@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#626267}
webui_navigation_throttle.cc 2.23 KB