Revert "Lock hosted apps to their underlying web origin."

This reverts commit 71426a90. Reason for revert: Causing cookies and localStorage renderer kills involving the Drive app. I found a local repro where an app covers both http and https versions of a site, and a renderer-initiated navigation from http to https does not trigger a process transfer as it should. Original change's description: > Lock hosted apps to their underlying web origin. > > Previously, hosted apps were exempt from LockToOrigin() even in > --site-per-process mode. That meant that hosted apps were not subject > to enforcements such as not allowing access to cookies, passwords, or > local storage of other sites. Worse, it meant that hosted apps could > arbitrarily share a process (e.g., when over process limit), even if > they covered different web sites with --site-per-process. > > This CL starts locking hosted apps to their underlying web origin. If > a frame commits a navigation to URL http://foo.com, which is part of a > hosted app X's web extent, the process for that frame will be locked > to http://foo.com. Note that the SiteInstance for this frame will > still use a site URL based on the effective URL (i.e., > chrome-extension://<ext_id_for_X>/), but the origin lock will not be > based on effective URLs. This requires plumbing to compute the origin > lock as a site URL that does not use an effective URL, and to plumb it > into various places that make process model decisions, such as > RPHI::IsSuitableHost(). > > Bug: 811939, 794315, 791796 > Change-Id: Icc9b3c0a04253e581ea35953f3c566308305db59 > Reviewed-on: https://chromium-review.googlesource.com/959346 > Commit-Queue: Alex Moshchuk <alexmos@chromium.org> > Reviewed-by: Devlin <rdevlin.cronin@chromium.org> > Reviewed-by: Charlie Reis <creis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#583895} TBR=creis@chromium.org,rdevlin.cronin@chromium.org,alexmos@chromium.org Change-Id: Ie459ef9b61eb78b6dad44e253768d8c4234e6abf No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 811939, 794315, 791796 Reviewed-on: https://chromium-review.googlesource.com/1180308Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#584231}

Revert "Lock hosted apps to their underlying web origin."
This reverts commit 71426a90. Reason for revert: Causing cookies and localStorage renderer kills involving the Drive app. I found a local repro where an app covers both http and https versions of a site, and a renderer-initiated navigation from http to https does not trigger a process transfer as it should. Original change's description: > Lock hosted apps to their underlying web origin. > > Previously, hosted apps were exempt from LockToOrigin() even in > --site-per-process mode. That meant that hosted apps were not subject > to enforcements such as not allowing access to cookies, passwords, or > local storage of other sites. Worse, it meant that hosted apps could > arbitrarily share a process (e.g., when over process limit), even if > they covered different web sites with --site-per-process. > > This CL starts locking hosted apps to their underlying web origin. If > a frame commits a navigation to URL http://foo.com, which is part of a > hosted app X's web extent, the process for that frame will be locked > to http://foo.com. Note that the SiteInstance for this frame will > still use a site URL based on the effective URL (i.e., > chrome-extension://<ext_id_for_X>/), but the origin lock will not be > based on effective URLs. This requires plumbing to compute the origin > lock as a site URL that does not use an effective URL, and to plumb it > into various places that make process model decisions, such as > RPHI::IsSuitableHost(). > > Bug: 811939, 794315, 791796 > Change-Id: Icc9b3c0a04253e581ea35953f3c566308305db59 > Reviewed-on: https://chromium-review.googlesource.com/959346 > Commit-Queue: Alex Moshchuk <alexmos@chromium.org> > Reviewed-by: Devlin <rdevlin.cronin@chromium.org> > Reviewed-by: Charlie Reis <creis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#583895} TBR=creis@chromium.org,rdevlin.cronin@chromium.org,alexmos@chromium.org Change-Id: Ie459ef9b61eb78b6dad44e253768d8c4234e6abf No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 811939, 794315, 791796 Reviewed-on: https://chromium-review.googlesource.com/1180308Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#584231}
218dcacf · Alex Moshchuk · Commit Bot · 2056fcff · 218dcacf · 218dcacf
Commit 218dcacf authored Aug 17, 2018 by Alex Moshchuk Committed by Commit Bot Aug 17, 2018
14 changed files
--- a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
+++ b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
@@ -428,29 +428,28 @@ bool ChromeContentBrowserClientExtensionsPart::DoesSiteRequireDedicatedProcess(
 bool ChromeContentBrowserClientExtensionsPart::ShouldLockToOrigin(
    content::BrowserContext* browser_context,
    const GURL& effective_site_url) {
-  if (!effective_site_url.SchemeIs(kExtensionScheme))
-    return true;
-
-  const Extension* extension = ExtensionRegistry::Get(browser_context)
-                                   ->enabled_extensions()
-                                   .GetExtensionOrAppByURL(effective_site_url);
-  if (!extension)
-    return true;
-
-  // Hosted apps should be locked to their web origin. See
-  // https://crbug.com/794315.
-  if (extension->is_hosted_app())
-    return true;
+  // https://crbug.com/160576 workaround: Origin lock to the chrome-extension://
+  // scheme for a hosted app would kill processes on legitimate requests for the
+  // app's cookies.
+  if (effective_site_url.SchemeIs(extensions::kExtensionScheme)) {
+    const Extension* extension =
+        ExtensionRegistry::Get(browser_context)
+            ->enabled_extensions()
+            .GetExtensionOrAppByURL(effective_site_url);
+    if (extension && extension->is_hosted_app())
+      return false;

-  // Other extensions are allowed to share processes, even in
-  // --site-per-process currently. See https://crbug.com/600441#c1 for some
-  // background on the intersection of extension process reuse and site
-  // isolation.
-  //
-  // TODO(nick): Fix this, possibly by revamping the extensions process model
-  // so that sharing is determined by privilege level, as described in
-  // https://crbug.com/766267.
-  return false;
+    // Extensions are allowed to share processes, even in --site-per-process
+    // currently. See https://crbug.com/600441#c1 for some background on the
+    // intersection of extension process reuse and site isolation.
+    //
+    // TODO(nick): Fix this, possibly by revamping the extensions process model
+    // so that sharing is determined by privilege level, as described in
+    // https://crbug.com/766267
+    if (extension)
+      return false;
+  }
+  return true;
 }

 // static

--- a/chrome/browser/ui/extensions/hosted_app_browsertest.cc
+++ b/chrome/browser/ui/extensions/hosted_app_browsertest.cc
--- a/content/browser/browsing_instance.cc
+++ b/content/browser/browsing_instance.cc
@@ -21,15 +21,16 @@ BrowsingInstance::BrowsingInstance(BrowserContext* browser_context)
 }

 bool BrowsingInstance::HasSiteInstance(const GURL& url) {
-  std::string site = SiteInstance::GetSiteForURL(browser_context_, url)
-                         .possibly_invalid_spec();
+  std::string site =
+      SiteInstanceImpl::GetSiteForURL(browser_context_, url)
+          .possibly_invalid_spec();

  return site_instance_map_.find(site) != site_instance_map_.end();
 }

 scoped_refptr<SiteInstanceImpl> BrowsingInstance::GetSiteInstanceForURL(
    const GURL& url) {
-  std::string site = SiteInstance::GetSiteForURL(browser_context_, url)
+  std::string site = SiteInstanceImpl::GetSiteForURL(browser_context_, url)
                         .possibly_invalid_spec();

  SiteInstanceMap::iterator i = site_instance_map_.find(site);

--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -1120,7 +1120,7 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
  // TODO(creis): We must pass the valid browser_context to convert hosted apps
  // URLs. Currently, hosted apps cannot set cookies in this mode. See
  // http://crbug.com/160576.
-  GURL site_url = SiteInstance::GetSiteForURL(nullptr, url);
+  GURL site_url = SiteInstanceImpl::GetSiteForURL(nullptr, url);

  base::AutoLock lock(lock_);
  SecurityStateMap::iterator state = security_state_.find(child_id);
@@ -1153,7 +1153,7 @@ void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
  DCHECK_CURRENTLY_ON(BrowserThread::UI);

  // "gurl" can be currently empty in some cases, such as file://blah.
-  DCHECK_EQ(SiteInstanceImpl::DetermineProcessLockURL(nullptr, gurl), gurl);
+  DCHECK(SiteInstanceImpl::GetSiteForURL(nullptr, gurl) == gurl);
  base::AutoLock lock(lock_);
  SecurityStateMap::iterator state = security_state_.find(child_id);
  DCHECK(state != security_state_.end());

--- a/content/browser/frame_host/navigator_impl_unittest.cc
+++ b/content/browser/frame_host/navigator_impl_unittest.cc
@@ -133,7 +133,7 @@ TEST_F(NavigatorTestWithBrowserSideNavigation,
  EXPECT_TRUE(main_test_rfh()->navigation_request());
  main_test_rfh()->SendNavigate(entry_id, true, kUrl);
  EXPECT_TRUE(main_test_rfh()->is_active());
-  EXPECT_EQ(SiteInstance::GetSiteForURL(browser_context(), kUrl),
+  EXPECT_EQ(SiteInstanceImpl::GetSiteForURL(browser_context(), kUrl),
            main_test_rfh()->GetSiteInstance()->GetSiteURL());
  EXPECT_EQ(kUrl, contents()->GetLastCommittedURL());

@@ -187,7 +187,7 @@ TEST_F(NavigatorTestWithBrowserSideNavigation,
  // Commit the navigation.
  navigation->Commit();
  EXPECT_TRUE(main_test_rfh()->is_active());
-  EXPECT_EQ(SiteInstance::GetSiteForURL(browser_context(), kUrl2),
+  EXPECT_EQ(SiteInstanceImpl::GetSiteForURL(browser_context(), kUrl2),
            main_test_rfh()->GetSiteInstance()->GetSiteURL());
  EXPECT_EQ(kUrl2, contents()->GetLastCommittedURL());
  EXPECT_FALSE(GetSpeculativeRenderFrameHost(node));
@@ -878,7 +878,7 @@ TEST_F(NavigatorTestWithBrowserSideNavigation,
  // Receive the beforeUnload ACK.
  main_test_rfh()->SendBeforeUnloadACK(true);
  EXPECT_EQ(speculative_rfh, GetSpeculativeRenderFrameHost(node));
-  EXPECT_EQ(SiteInstance::GetSiteForURL(browser_context(), kUrl),
+  EXPECT_EQ(SiteInstanceImpl::GetSiteForURL(browser_context(), kUrl),
            speculative_rfh->GetSiteInstance()->GetSiteURL());
  int32_t site_instance_id = speculative_rfh->GetSiteInstance()->GetId();
  int64_t navigation_id =
@@ -923,7 +923,7 @@ TEST_F(NavigatorTestWithBrowserSideNavigation,
  EXPECT_NE(init_site_instance_id, site_instance_id);
  EXPECT_EQ(init_site_instance_id, main_test_rfh()->GetSiteInstance()->GetId());
  EXPECT_NE(speculative_rfh, main_test_rfh());
-  EXPECT_EQ(SiteInstance::GetSiteForURL(browser_context(), kUrl),
+  EXPECT_EQ(SiteInstanceImpl::GetSiteForURL(browser_context(), kUrl),
            speculative_rfh->GetSiteInstance()->GetSiteURL());

  // Receive the beforeUnload ACK.
@@ -960,7 +960,7 @@ TEST_F(NavigatorTestWithBrowserSideNavigation,

  // Once commit happens the speculative RenderFrameHost is updated to match the
  // known final SiteInstance.
-  EXPECT_EQ(SiteInstance::GetSiteForURL(browser_context(), kUrlRedirect),
+  EXPECT_EQ(SiteInstanceImpl::GetSiteForURL(browser_context(), kUrlRedirect),
            speculative_rfh->GetSiteInstance()->GetSiteURL());
  int32_t redirect_site_instance_id =
      speculative_rfh->GetSiteInstance()->GetId();

--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -1218,8 +1218,7 @@ RenderFrameHostManager::DetermineSiteInstanceForURL(
    // thus use the correct process.
    bool use_process_per_site =
        RenderProcessHost::ShouldUseProcessPerSite(browser_context, dest_url) &&
-        RenderProcessHostImpl::GetSoleProcessHostForURL(browser_context,
-                                                        dest_url);
+        RenderProcessHostImpl::GetProcessHostForSite(browser_context, dest_url);
    if (current_instance_impl->HasRelatedSiteInstance(dest_url) ||
        use_process_per_site) {
      return SiteInstanceDescriptor(browser_context, dest_url,

--- a/content/browser/isolated_origin_browsertest.cc
+++ b/content/browser/isolated_origin_browsertest.cc
@@ -568,12 +568,10 @@ IN_PROC_BROWSER_TEST_F(IsolatedOriginTest, ProcessLimit) {
  // Sanity-check IsSuitableHost values for the current processes.
  BrowserContext* browser_context = web_contents()->GetBrowserContext();
  auto is_suitable_host = [browser_context](RenderProcessHost* process,
-                                            const GURL& url) {
-    GURL site_url(SiteInstance::GetSiteForURL(browser_context, url));
-    GURL lock_url(
-        SiteInstanceImpl::DetermineProcessLockURL(browser_context, url));
-    return RenderProcessHostImpl::IsSuitableHost(process, browser_context,
-                                                 site_url, lock_url);
+                                            GURL url) {
+    return RenderProcessHostImpl::IsSuitableHost(
+        process, browser_context,
+        SiteInstance::GetSiteForURL(browser_context, url));
  };
  EXPECT_TRUE(is_suitable_host(foo_process, foo_url));
  EXPECT_FALSE(is_suitable_host(foo_process, isolated_foo_url));

--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
--- a/content/browser/renderer_host/render_process_host_impl.h
+++ b/content/browser/renderer_host/render_process_host_impl.h
@@ -266,16 +266,11 @@ class CONTENT_EXPORT RenderProcessHostImpl
  // Implementation of FilterURL below that can be shared with the mock class.
  static void FilterURL(RenderProcessHost* rph, bool empty_allowed, GURL* url);

-  // Returns true if |host| is suitable for rendering a page in the given
-  // |browser_context|, where the page would utilize |site_url| as its
-  // SiteInstance site URL, and its process would be locked to |lock_url|.
-  // |site_url| and |lock_url| may differ in cases where an effective URL is
-  // not the actual site that the process is locked to, which happens for
-  // hosted apps.
+  // Returns true if |host| is suitable for launching a new view with |site_url|
+  // in the given |browser_context|.
  static bool IsSuitableHost(RenderProcessHost* host,
                             BrowserContext* browser_context,
-                             const GURL& site_url,
-                             const GURL& lock_url);
+                             const GURL& site_url);

  // Returns an existing RenderProcessHost for |url| in |browser_context|,
  // if one exists.  Otherwise a new RenderProcessHost should be created and
@@ -283,45 +278,25 @@ class CONTENT_EXPORT RenderProcessHostImpl
  // This should only be used for process-per-site mode, which can be enabled
  // globally with a command line flag or per-site, as determined by
  // SiteInstanceImpl::ShouldUseProcessPerSite.
-  // Important: |url| should be a full URL and *not* a site URL.
-  static RenderProcessHost* GetSoleProcessHostForURL(
+  static RenderProcessHost* GetProcessHostForSite(
      BrowserContext* browser_context,
      const GURL& url);

-  // Variant of the above that takes in a SiteInstance site URL and the
-  // process's origin lock URL, when they are known.
-  static RenderProcessHost* GetSoleProcessHostForSite(
-      BrowserContext* browser_context,
-      const GURL& site_url,
-      const GURL& lock_url);
-
-  // Registers the given |process| to be used for all sites identified by
-  // |site_instance| within |browser_context|.
+  // Registers the given |process| to be used for any instance of |url|
+  // within |browser_context|.
  // This should only be used for process-per-site mode, which can be enabled
  // globally with a command line flag or per-site, as determined by
  // SiteInstanceImpl::ShouldUseProcessPerSite.
-  static void RegisterSoleProcessHostForSite(BrowserContext* browser_context,
-                                             RenderProcessHost* process,
-                                             SiteInstanceImpl* site_instance);
+  static void RegisterProcessHostForSite(
+      BrowserContext* browser_context,
+      RenderProcessHost* process,
+      const GURL& url);

  // Returns a suitable RenderProcessHost to use for |site_instance|. Depending
  // on the SiteInstance's ProcessReusePolicy and its url, this may be an
  // existing RenderProcessHost or a new one.
-  //
-  // This is the main entrypoint into the process assignment logic, which
-  // handles all cases.  These cases include:
-  // - process-per-site: see
-  //   RegisterSoleProcessHostForSite/GetSoleProcessHostForSite.
-  // - TDI: see GetDefaultSubframeProcessHost.
-  // - REUSE_PENDING_OR_COMMITTED reuse policy (for ServiceWorkers and OOPIFs):
-  //   see FindReusableProcessHostForSiteInstance.
-  // - normal process reuse when over process limit:  see
-  //   GetExistingProcessHost.
-  // - using the spare RenderProcessHost when possible: see
-  //   MaybeTakeSpareRenderProcessHost.
-  // - process creation when an existing process couldn't be found: see
-  //   CreateRenderProcessHost.
  static RenderProcessHost* GetProcessHostForSiteInstance(
+      BrowserContext* browser_context,
      SiteInstanceImpl* site_instance);

  // Should be called when |browser_context| is used in a navigation.
@@ -577,19 +552,20 @@ class CONTENT_EXPORT RenderProcessHostImpl
  // Get an existing RenderProcessHost associated with the given browser
  // context, if possible.  The renderer process is chosen randomly from
  // suitable renderers that share the same context and type (determined by the
-  // site url of |site_instance|).
+  // site url).
  // Returns nullptr if no suitable renderer process is available, in which case
  // the caller is free to create a new renderer.
  static RenderProcessHost* GetExistingProcessHost(
-      SiteInstanceImpl* site_instance);
+      content::BrowserContext* browser_context,
+      const GURL& site_url);
  FRIEND_TEST_ALL_PREFIXES(RenderProcessHostUnitTest,
                           GuestsAreNotSuitableHosts);

-  // Returns a RenderProcessHost that is rendering a URL corresponding to
-  // |site_instance| in one of its frames, or that is expecting a navigation to
-  // that SiteInstance.
-  static RenderProcessHost* FindReusableProcessHostForSiteInstance(
-      SiteInstanceImpl* site_instance);
+  // Returns a RenderProcessHost that is rendering |site_url| in one of its
+  // frames, or that is expecting a navigation to |site_url|.
+  static RenderProcessHost* FindReusableProcessHostForSite(
+      BrowserContext* browser_context,
+      const GURL& site_url);

  void CreateMediaStreamDispatcherHost(
      MediaStreamManager* media_stream_manager,

--- a/content/browser/renderer_host/render_process_host_unittest.cc
+++ b/content/browser/renderer_host/render_process_host_unittest.cc
@@ -42,16 +42,12 @@ TEST_F(RenderProcessHostUnitTest, GuestsAreNotSuitableHosts) {
  MockRenderProcessHost guest_host(browser_context());
  guest_host.set_is_for_guests_only(true);

-  scoped_refptr<SiteInstanceImpl> site_instance =
-      SiteInstanceImpl::CreateForURL(browser_context(), test_url);
  EXPECT_FALSE(RenderProcessHostImpl::IsSuitableHost(
-      &guest_host, browser_context(), site_instance->GetSiteURL(),
-      site_instance->lock_url()));
+      &guest_host, browser_context(), test_url));
  EXPECT_TRUE(RenderProcessHostImpl::IsSuitableHost(
-      process(), browser_context(), site_instance->GetSiteURL(),
-      site_instance->lock_url()));
-  EXPECT_EQ(process(),
-            RenderProcessHostImpl::GetExistingProcessHost(site_instance.get()));
+      process(), browser_context(), test_url));
+  EXPECT_EQ(process(), RenderProcessHostImpl::GetExistingProcessHost(
+                           browser_context(), test_url));
 }

 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)

--- a/content/browser/site_instance_impl.cc
+++ b/content/browser/site_instance_impl.cc
@@ -104,8 +104,7 @@ bool SiteInstanceImpl::HasProcess() const {
      browsing_instance_->browser_context();
  if (has_site_ &&
      RenderProcessHost::ShouldUseProcessPerSite(browser_context, site_) &&
-      RenderProcessHostImpl::GetSoleProcessHostForSite(browser_context, site_,
-                                                       lock_url_)) {
+      RenderProcessHostImpl::GetProcessHostForSite(browser_context, site_)) {
    return true;
  }

@@ -134,7 +133,8 @@ RenderProcessHost* SiteInstanceImpl::GetProcess() {
      process_reuse_policy_ = ProcessReusePolicy::DEFAULT;
    }

-    process_ = RenderProcessHostImpl::GetProcessHostForSiteInstance(this);
+    process_ = RenderProcessHostImpl::GetProcessHostForSiteInstance(
+        browser_context, this);

    CHECK(process_);
    process_->AddObserver(this);
@@ -144,8 +144,8 @@ RenderProcessHost* SiteInstanceImpl::GetProcess() {
    // at this time, we will register it in SetSite().)
    if (process_reuse_policy_ == ProcessReusePolicy::PROCESS_PER_SITE &&
        has_site_) {
-      RenderProcessHostImpl::RegisterSoleProcessHostForSite(browser_context,
-                                                            process_, this);
+      RenderProcessHostImpl::RegisterProcessHostForSite(browser_context,
+                                                        process_, site_);
    }

    TRACE_EVENT2("navigation", "SiteInstanceImpl::GetProcess",
@@ -182,10 +182,8 @@ void SiteInstanceImpl::SetSite(const GURL& url) {
  // URL is invalid.
  has_site_ = true;
  BrowserContext* browser_context = browsing_instance_->browser_context();
-  site_ =
-      GetSiteForURL(browser_context, url, true /* should_use_effective_urls */);
+  site_ = GetSiteForURL(browser_context, url);
  original_url_ = url;
-  lock_url_ = DetermineProcessLockURL(browser_context, url);

  // Now that we have a site, register it with the BrowsingInstance.  This
  // ensures that we won't create another SiteInstance for this site within
@@ -205,8 +203,8 @@ void SiteInstanceImpl::SetSite(const GURL& url) {

    // Ensure the process is registered for this site if necessary.
    if (should_use_process_per_site) {
-      RenderProcessHostImpl::RegisterSoleProcessHostForSite(browser_context,
-                                                            process_, this);
+      RenderProcessHostImpl::RegisterProcessHostForSite(
+          browser_context, process_, site_);
    }
  }
 }
@@ -264,13 +262,9 @@ bool SiteInstanceImpl::HasWrongProcessForURL(const GURL& url) {

  // If the site URL is an extension (e.g., for hosted apps or WebUI) but the
  // process is not (or vice versa), make sure we notice and fix it.
-  GURL site_url =
-      SiteInstance::GetSiteForURL(browsing_instance_->browser_context(), url);
-  GURL origin_lock =
-      DetermineProcessLockURL(browsing_instance_->browser_context(), url);
+  GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url);
  return !RenderProcessHostImpl::IsSuitableHost(
-      GetProcess(), browsing_instance_->browser_context(), site_url,
-      origin_lock);
+      GetProcess(), browsing_instance_->browser_context(), site_url);
 }

 scoped_refptr<SiteInstanceImpl>
@@ -421,32 +415,12 @@ bool SiteInstanceImpl::IsSameWebSite(BrowserContext* browser_context,

 // static
 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,
-                                 const GURL& url) {
-  // By default, GetSiteForURL will resolve |real_url| to an effective URL
-  // before computing its site.
-  return SiteInstanceImpl::GetSiteForURL(browser_context, url,
-                                         true /* should_use_effective_urls */);
-}
-
-// static
-GURL SiteInstanceImpl::DetermineProcessLockURL(BrowserContext* browser_context,
-                                               const GURL& url) {
-  // For the process lock URL, convert |url| to a site without resolving |url|
-  // to an effective URL.
-  return SiteInstanceImpl::GetSiteForURL(browser_context, url,
-                                         false /* should_use_effective_urls */);
-}
-
-GURL SiteInstanceImpl::GetSiteForURL(BrowserContext* browser_context,
-                                     const GURL& real_url,
-                                     bool should_use_effective_urls) {
+                                 const GURL& real_url) {
  // TODO(fsamuel, creis): For some reason appID is not recognized as a host.
  if (real_url.SchemeIs(kGuestScheme))
    return real_url;

-  GURL url = should_use_effective_urls
-                 ? SiteInstanceImpl::GetEffectiveURL(browser_context, real_url)
-                 : real_url;
+  GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url);
  url::Origin origin = url::Origin::Create(url);

  // Isolated origins should use the full origin as their site URL. A subdomain
@@ -548,7 +522,7 @@ bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess(
    return true;

  // Always require a dedicated process for isolated origins.
-  GURL site_url = SiteInstance::GetSiteForURL(browser_context, url);
+  GURL site_url = GetSiteForURL(browser_context, url);
  auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
  if (policy->IsIsolatedOrigin(url::Origin::Create(site_url)))
    return true;
@@ -631,7 +605,7 @@ void SiteInstanceImpl::LockToOriginIfNeeded() {

  ChildProcessSecurityPolicyImpl* policy =
      ChildProcessSecurityPolicyImpl::GetInstance();
-  auto lock_state = policy->CheckOriginLock(process_->GetID(), lock_url());
+  auto lock_state = policy->CheckOriginLock(process_->GetID(), site_);
  if (ShouldLockToOrigin(GetBrowserContext(), site_)) {
    // Sanity check that this won't try to assign an origin lock to a <webview>
    // process, which can't be locked.
@@ -643,7 +617,7 @@ void SiteInstanceImpl::LockToOriginIfNeeded() {
        // strong protection. If only some sites are isolated, we need
        // additional logic to prevent the non-isolated sites from requesting
        // resources for isolated sites. https://crbug.com/509125
-        process_->LockToOrigin(lock_url());
+        process_->LockToOrigin(site_);
        break;
      }
      case CheckOriginLockResult::HAS_WRONG_LOCK:
@@ -654,7 +628,7 @@ void SiteInstanceImpl::LockToOriginIfNeeded() {
        base::debug::SetCrashKeyString(
            bad_message::GetKilledProcessOriginLockKey(),
            policy->GetOriginLock(process_->GetID()).spec());
-        CHECK(false) << "Trying to lock a process to " << lock_url()
+        CHECK(false) << "Trying to lock a process to " << site_
                     << " but the process is already locked to "
                     << policy->GetOriginLock(process_->GetID());
        break;

--- a/content/browser/site_instance_impl.h
+++ b/content/browser/site_instance_impl.h
@@ -116,29 +116,11 @@ class CONTENT_EXPORT SiteInstanceImpl final : public SiteInstance,
  // May be empty if this SiteInstance does not have a |site_|.
  const GURL& original_url() { return original_url_; }

-  // Returns the URL which should be used in a LockToOrigin call for this
-  // SiteInstance's process.
-  const GURL& lock_url() { return lock_url_; }
-
  // True if |url| resolves to an effective URL that is different from |url|.
  // See GetEffectiveURL().  This will be true for hosted apps as well as NTP
  // URLs.
  static bool HasEffectiveURL(BrowserContext* browser_context, const GURL& url);

-  // Returns the site for the given URL, which includes only the scheme and
-  // registered domain.  Returns an empty GURL if the URL has no host.
-  // |use_effective_urls| specifies whether to resolve |url| to an effective
-  // URL (via ContentBrowserClient::GetEffectiveURL()) before determining the
-  // site.
-  static GURL GetSiteForURL(BrowserContext* context,
-                            const GURL& url,
-                            bool use_effective_urls);
-
-  // Returns the URL to which a process should be locked for the given URL.
-  // This is computed similarly to the site URL (see GetSiteForURL), but
-  // without resolving effective URLs.
-  static GURL DetermineProcessLockURL(BrowserContext* context, const GURL& url);
-
  // Returns the SiteInstance, related to this one, that should be used
  // for subframes when an oopif is required, but a dedicated process is not.
  // This SiteInstance will be created if it doesn't already exist. There is
@@ -293,12 +275,6 @@ class CONTENT_EXPORT SiteInstanceImpl final : public SiteInstance,
  // The URL which was used to set the |site_| for this SiteInstance.
  GURL original_url_;

-  // The URL to use when locking a process to this SiteInstance's site via
-  // LockToOrigin().  This is the same as |site_| except for cases involving
-  // effective URLs, such as hosted apps.  In those cases, this URL is a site
-  // URL that is computed without the use of effective URLs.
-  GURL lock_url_;
-
  // The ProcessReusePolicy to use when creating a RenderProcessHost for this
  // SiteInstance.
  ProcessReusePolicy process_reuse_policy_;

--- a/content/browser/site_instance_impl_unittest.cc
+++ b/content/browser/site_instance_impl_unittest.cc
--- a/content/public/browser/site_instance.h
+++ b/content/public/browser/site_instance.h
@@ -170,9 +170,7 @@ class CONTENT_EXPORT SiteInstance : public base::RefCounted<SiteInstance> {
                            const GURL& dest_url);

  // Returns the site for the given URL, which includes only the scheme and
-  // registered domain.  Returns an empty GURL if the URL has no host. Prior to
-  // determining the site, |url| is resolved to an effective URL via
-  // ContentBrowserClient::GetEffectiveURL().
+  // registered domain.  Returns an empty GURL if the URL has no host.
  static GURL GetSiteForURL(BrowserContext* context, const GURL& url);

 protected: