bfcache: Fix SecurityExploitBrowsertest.InvalidBeginNavigationInitiator.

The FrameHostInterceptor observe RenderFrameHost creation and destruction. In its constructor, it simulate observing RenderFrameHost creation for every active RenderFrameHost. It misses the ones in the BackForwardCache. This causes a mismatch later when it observe a RenderFrameHost deletion. Change-Id: Ifabf5eab92f3275d71e5a7d760f44e4178e00d6a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1816509 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#705020}

bfcache: Fix SecurityExploitBrowsertest.InvalidBeginNavigationInitiator.
The FrameHostInterceptor observe RenderFrameHost creation and destruction. In its constructor, it simulate observing RenderFrameHost creation for every active RenderFrameHost. It misses the ones in the BackForwardCache. This causes a mismatch later when it observe a RenderFrameHost deletion. Change-Id: Ifabf5eab92f3275d71e5a7d760f44e4178e00d6a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1816509 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#705020}
0a164974 · arthursonzogni · Commit Bot · b3eaa571 · 0a164974 · 0a164974
Commit 0a164974 authored Oct 11, 2019 by arthursonzogni Committed by Commit Bot Oct 11, 2019
2 changed files
--- a/content/browser/security_exploit_browsertest.cc
+++ b/content/browser/security_exploit_browsertest.cc
@@ -1329,9 +1329,18 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
  // platforms without site-per-process.
  IsolateOrigin("a.com");

+  // IsolateOrigin internally performs navigations which get stored into the
+  // back-forward cache. It needs to be flushed. The
+  // BeginNavigationInitiatorReplacer below will simulate receiving
+  // RenderFrameCreated() on every active RenderFrameHost, but it will miss the
+  // ones in the BackForwardCache. This would causes a mismatch later when it
+  // will observe RenderFrameDeleted.
+  WebContentsImpl* web_contents =
+      static_cast<WebContentsImpl*>(shell()->web_contents());
+  web_contents->GetController().GetBackForwardCache().Flush();
+
  // Prepare to intercept BeginNavigation mojo IPC.  This has to be done before
  // the test creates the RenderFrameHostImpl that is the target of the IPC.
-  WebContents* web_contents = shell()->web_contents();
  BeginNavigationInitiatorReplacer injector(
      web_contents, url::Origin::Create(GURL("http://b.com")));


--- a/testing/buildbot/filters/bfcache.content_browsertests.filter
+++ b/testing/buildbot/filters/bfcache.content_browsertests.filter
@@ -80,10 +80,6 @@
 # https://crbug.com/1004786
 -SitePerProcessBrowserTest.TestChildProcessImportance

-# In debug mode. The FrameHostInterceptor fails, because it doesn't take into
-# account pages in the BackForwardCache.
-SecurityExploitBrowserTest.InvalidBeginNavigationInitiator
-
 # NOTREACHED() is hit in RenderFrameHostManager::GetFrameHostForNavigation,
 # because, "A frame that's pending deletion should never be navigated.".
 -NavigationControllerBrowserTest.PageStateWithIframeAfterForwardInCompetingFrames