Ignore calls to CredentialsContainer whose responsible document was detached.

The `window.opener` might be storing a reference to `window.navigator.credentials`,
and call methods on it after the opened `window` is navigated away and hence its
relevant settings object's responsible document is already destroyed.

We should ignore calls to navigator.credentials methods in this case and not crash.

Bug: 797900
Change-Id: I6507cb30b8d9d967a1d218135388fc833d215c69
Reviewed-on: https://chromium-review.googlesource.com/848914Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#527004}

third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-detached.html

+<!DOCTYPE html>
+<title>Credential Manager: invoke methods after the relevant document has been detached.</title>
+<script src="../resources/testharness.js"></script>
+<script src="../resources/testharnessreport.js"></script>
+<script>
+
+async_test(t => {
+  let openedWindow = window.open("./resources/notify-opener-on-load.html");
+  let eventWatcher = new EventWatcher(t, window, ["message"]);
+  let navigatorCredentials = null;
+  eventWatcher.wait_for("message")
+    .then(_ => {
+      navigatorCredentials = openedWindow.navigator.credentials;
+      window.setTimeout(_ => openedWindow.location.reload());
+      return eventWatcher.wait_for("message");
+    })
+  .then(t.step_func_done(_ => {
+    assert_equals(navigatorCredentials.get(), undefined,
+        "navigator.credentials.get() should not crash nor return a Promise.");
+    assert_equals(navigatorCredentials.create(), undefined,
+        "navigator.credentials.create() should not crash nor return a Promise.");
+    assert_equals(
+        navigatorCredentials.store(new PasswordCredential({id: 'a', password: 'b'})),
+        undefined,
+        "navigator.credentials.store() should not crash nor return a Promise.");
+    assert_equals(navigatorCredentials.preventSilentAccess(), undefined,
+        "navigator.credentials.preventSilentAccess() should not crash nor return a Promise.");
+   }));
+});
+
+</script>

third_party/WebKit/LayoutTests/http/tests/credentialmanager/resources/notify-opener-on-load.html

+<!DOCTYPE html>
+<script>
+window.addEventListener("load", _ => window.opener.postMessage("loaded", "*"));
+</script>

third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp

@@ -100,8 +100,16 @@ bool IsSameOriginWithAncestors(const Frame* frame) {
 bool CheckSecurityRequirementsBeforeRequest(
     ScriptPromiseResolver* resolver,
     RequiredOriginType required_origin_type) {
-  // Credential Management is not exposed to Workers or Worklets, so the current
-  // realm execution context must have a responsible browsing context.
+  // Ignore calls if the current realm execution context is no longer valid,
+  // e.g., because the responsible document was detached.
+  DCHECK(resolver->GetExecutionContext());
+  if (resolver->GetExecutionContext()->IsContextDestroyed()) {
+    resolver->Reject();
+    return false;
+  }
+
+  // The API is not exposed to Workers or Worklets, so if the current realm
+  // execution context is valid, it must have a responsible browsing context.
   SECURITY_CHECK(resolver->GetFrame());
 
   String error_message;