Consume before DocumentLoader::StartLoading to avoid a crash.

Otherwise Frame::Client() returns null for detached frames.

The following tests cover this case:
- fast/frames/subframe-load-crash-main.html
- fast/parser/xhtml-synchronous-detach-crash.html

Bug: 865629
Change-Id: Id244983b638244d2ef52a34e2489da0b3d6c2144
Reviewed-on: https://chromium-review.googlesource.com/1145228
Commit-Queue: Mustaq Ahmed <mustaq@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579536}

third_party/blink/renderer/core/loader/frame_loader.cc

@@ -930,6 +930,14 @@ void FrameLoader::StartNavigation(const FrameLoadRequest& passed_request,
                                             resource_request);
   DCHECK(provisional_document_loader_);
 
+  // TODO(csharrison): In M70 when UserActivation v2 should ship, we can remove
+  // the check that the pages are equal, because consumption should not be
+  // shared across pages.
+  if (frame_->IsMainFrame() && origin_document &&
+      frame_->GetPage() == origin_document->GetPage()) {
+    Frame::ConsumeTransientUserActivation(frame_);
+  }
+
   // TODO(dgozman): there is still a possibility of
   // |kNavigationPolicyCurrentTab| when starting a navigation. Perhaps, we can
   // just call CommitNavigation in this case instead, maybe from client side?
@@ -944,14 +952,6 @@ void FrameLoader::StartNavigation(const FrameLoadRequest& passed_request,
     probe::frameScheduledClientNavigation(frame_);
   }
 
-  // TODO(csharrison): In M70 when UserActivation v2 should ship, we can remove
-  // the check that the pages are equal, because consumption should not be
-  // shared across pages.
-  if (frame_->IsMainFrame() && origin_document &&
-      frame_->GetPage() == origin_document->GetPage()) {
-    Frame::ConsumeTransientUserActivation(frame_);
-  }
-
   TakeObjectSnapshot();
 }