Destroy SSLErrorHandler on new navigations so that it can properly be recreated.

Since |SSLErrorHandler| was a |WebContentsUserData| tied to the lifetime of a
|WebContents|, it wasn't properly deleted when the |WebContents| was reloaded
or navigated to another page. This CL removes the error handler explicitly and
adds browser tests to assert reload/navigate behavior.

BUG=453875

Review URL: https://codereview.chromium.org/1004283004

Cr-Commit-Position: refs/heads/master@{#321603}

chrome/browser/ssl/ssl_error_handler.cc

@@ -4,6 +4,7 @@
 
 #include "chrome/browser/ssl/ssl_error_handler.h"
 
+#include "base/callback_helpers.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/time/time.h"
@@ -126,7 +127,8 @@ SSLErrorHandler::SSLErrorHandler(content::WebContents* web_contents,
                                  const GURL& request_url,
                                  int options_mask,
                                  const base::Callback<void(bool)>& callback)
-    : web_contents_(web_contents),
+    : content::WebContentsObserver(web_contents),
+      web_contents_(web_contents),
       cert_error_(cert_error),
       ssl_info_(ssl_info),
       request_url_(request_url),
@@ -223,3 +225,17 @@ void SSLErrorHandler::Observe(
   }
 #endif
 }
+
+// Destroy the error handler on all new navigations. This ensures that the
+// handler is properly recreated when a hanging page is navigated to an SSL
+// error, even when the tab's WebContents doesn't change.
+void SSLErrorHandler::DidStartNavigationToPendingEntry(
+    const GURL& url,
+    content::NavigationController::ReloadType reload_type) {
+  // Need to explicity deny the certificate via the callback, otherwise memory
+  // is leaked.
+  if (!callback_.is_null()) {
+    base::ResetAndReturn(&callback_).Run(false);
+  }
+  web_contents_->RemoveUserData(UserDataKey());
+}

chrome/browser/ssl/ssl_error_handler.h

@@ -13,6 +13,7 @@
 #include "chrome/browser/chrome_notification_types.h"
 #include "content/public/browser/notification_observer.h"
 #include "content/public/browser/notification_registrar.h"
+#include "content/public/browser/web_contents_observer.h"
 #include "content/public/browser/web_contents_user_data.h"
 #include "net/ssl/ssl_info.h"
 #include "url/gurl.h"
@@ -35,6 +36,7 @@ class WebContents;
 // captive_portal::CaptivePortalService which can only be accessed on the UI
 // thread.
 class SSLErrorHandler : public content::WebContentsUserData<SSLErrorHandler>,
+                        public content::WebContentsObserver,
                         public content::NotificationObserver {
  public:
   // Type of the delay to display the SSL interstitial.
@@ -91,12 +93,17 @@ class SSLErrorHandler : public content::WebContentsUserData<SSLErrorHandler>,
       const content::NotificationSource& source,
       const content::NotificationDetails& details) override;
 
+  // content::WebContentsObserver:
+  void DidStartNavigationToPendingEntry(
+      const GURL& url,
+      content::NavigationController::ReloadType reload_type) override;
+
   content::WebContents* web_contents_;
   const int cert_error_;
   const net::SSLInfo ssl_info_;
   const GURL request_url_;
   const int options_mask_;
-  const base::Callback<void(bool)> callback_;
+  base::Callback<void(bool)> callback_;
 
   content::NotificationRegistrar registrar_;
   base::OneShotTimer<SSLErrorHandler> timer_;