Fix AllowSignedExchange crashing when closing incognito window

The PrefetchURLLoader's lifetime is managed using
mojo::MakeStrongBinding, which means it may live until after the
BrowserContext is destroyed. Instead of keeping the browser context
around to check if signed exchange is allowed, we check in the
constructor and cache the value.

Bug: 1016373
Change-Id: Ia6722ed37a8213078be856b11b9dde70ef230e8d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1881379
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#709973}

content/browser/loader/prefetch_url_loader.cc

@@ -52,16 +52,18 @@ PrefetchURLLoader::PrefetchURLLoader(
       client_binding_(this),
       forwarding_client_(std::move(client)),
       url_loader_throttles_getter_(url_loader_throttles_getter),
-      browser_context_(browser_context),
       signed_exchange_prefetch_metric_recorder_(
           std::move(signed_exchange_prefetch_metric_recorder)),
       accept_langs_(accept_langs),
       recursive_prefetch_token_generator_(
-          std::move(recursive_prefetch_token_generator)) {
+          std::move(recursive_prefetch_token_generator)),
+      is_signed_exchange_handling_enabled_(
+          signed_exchange_utils::IsSignedExchangeHandlingEnabled(
+              browser_context)) {
   DCHECK(network_loader_factory_);
   RecordPrefetchRedirectHistogram(PrefetchRedirect::kPrefetchMade);
 
-  if (IsSignedExchangeHandlingEnabled()) {
+  if (is_signed_exchange_handling_enabled_) {
     // Set the SignedExchange accept header.
     // (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#internet-media-type-applicationsigned-exchange).
     resource_request_.headers.SetHeader(
@@ -71,7 +73,7 @@ PrefetchURLLoader::PrefetchURLLoader(
       prefetched_signed_exchange_cache_adapter_ =
           std::make_unique<PrefetchedSignedExchangeCacheAdapter>(
               std::move(prefetched_signed_exchange_cache),
-              BrowserContext::GetBlobStorageContext(browser_context_),
+              BrowserContext::GetBlobStorageContext(browser_context),
               resource_request.url, this);
     }
   }
@@ -146,7 +148,7 @@ void PrefetchURLLoader::ResumeReadingBodyFromNet() {
 
 void PrefetchURLLoader::OnReceiveResponse(
     network::mojom::URLResponseHeadPtr response) {
-  if (IsSignedExchangeHandlingEnabled() &&
+  if (is_signed_exchange_handling_enabled_ &&
       signed_exchange_utils::ShouldHandleAsSignedHTTPExchange(
           resource_request_.url, response)) {
     DCHECK(!signed_exchange_prefetch_handler_);
@@ -279,9 +281,4 @@ void PrefetchURLLoader::OnNetworkConnectionError() {
   forwarding_client_.reset();
 }
 
-bool PrefetchURLLoader::IsSignedExchangeHandlingEnabled() {
-  return signed_exchange_utils::IsSignedExchangeHandlingEnabled(
-      browser_context_);
-}
-
 }  // namespace content

content/browser/loader/prefetch_url_loader.h

@@ -123,8 +123,6 @@ class CONTENT_EXPORT PrefetchURLLoader : public network::mojom::URLLoader,
 
   void OnNetworkConnectionError();
 
-  bool IsSignedExchangeHandlingEnabled();
-
   const int frame_tree_node_id_;
 
   // Set in the constructor and updated when redirected.
@@ -140,7 +138,6 @@ class CONTENT_EXPORT PrefetchURLLoader : public network::mojom::URLLoader,
   network::mojom::URLLoaderClientPtr forwarding_client_;
 
   URLLoaderThrottlesGetter url_loader_throttles_getter_;
-  BrowserContext* browser_context_;
 
   std::unique_ptr<mojo::DataPipeDrainer> pipe_drainer_;
 
@@ -159,6 +156,10 @@ class CONTENT_EXPORT PrefetchURLLoader : public network::mojom::URLLoader,
 
   RecursivePrefetchTokenGenerator recursive_prefetch_token_generator_;
 
+  // TODO(kinuko): This value can become stale if the preference is updated.
+  // Make this listen to the changes if it becomes a real concern.
+  bool is_signed_exchange_handling_enabled_ = false;
+
   DISALLOW_COPY_AND_ASSIGN(PrefetchURLLoader);
 };