render_frame_host_manager.cc revision 116680a4aac90f2aa7413d9095a592090648e557
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "content/browser/frame_host/render_frame_host_manager.h" 6 7#include <utility> 8 9#include "base/command_line.h" 10#include "base/debug/trace_event.h" 11#include "base/logging.h" 12#include "base/stl_util.h" 13#include "content/browser/child_process_security_policy_impl.h" 14#include "content/browser/devtools/render_view_devtools_agent_host.h" 15#include "content/browser/frame_host/cross_site_transferring_request.h" 16#include "content/browser/frame_host/debug_urls.h" 17#include "content/browser/frame_host/interstitial_page_impl.h" 18#include "content/browser/frame_host/navigation_controller_impl.h" 19#include "content/browser/frame_host/navigation_entry_impl.h" 20#include "content/browser/frame_host/navigation_request.h" 21#include "content/browser/frame_host/navigation_request_info.h" 22#include "content/browser/frame_host/navigator.h" 23#include "content/browser/frame_host/render_frame_host_factory.h" 24#include "content/browser/frame_host/render_frame_host_impl.h" 25#include "content/browser/frame_host/render_frame_proxy_host.h" 26#include "content/browser/renderer_host/render_process_host_impl.h" 27#include "content/browser/renderer_host/render_view_host_factory.h" 28#include "content/browser/renderer_host/render_view_host_impl.h" 29#include "content/browser/site_instance_impl.h" 30#include "content/browser/webui/web_ui_controller_factory_registry.h" 31#include "content/browser/webui/web_ui_impl.h" 32#include "content/common/view_messages.h" 33#include "content/public/browser/content_browser_client.h" 34#include "content/public/browser/notification_service.h" 35#include "content/public/browser/notification_types.h" 36#include "content/public/browser/render_widget_host_iterator.h" 37#include "content/public/browser/render_widget_host_view.h" 38#include "content/public/browser/user_metrics.h" 39#include "content/public/browser/web_ui_controller.h" 40#include "content/public/common/content_switches.h" 41#include "content/public/common/url_constants.h" 42 43namespace content { 44 45RenderFrameHostManager::PendingNavigationParams::PendingNavigationParams( 46 const GlobalRequestID& global_request_id, 47 scoped_ptr<CrossSiteTransferringRequest> cross_site_transferring_request, 48 const std::vector<GURL>& transfer_url_chain, 49 Referrer referrer, 50 PageTransition page_transition, 51 int render_frame_id, 52 bool should_replace_current_entry) 53 : global_request_id(global_request_id), 54 cross_site_transferring_request(cross_site_transferring_request.Pass()), 55 transfer_url_chain(transfer_url_chain), 56 referrer(referrer), 57 page_transition(page_transition), 58 render_frame_id(render_frame_id), 59 should_replace_current_entry(should_replace_current_entry) { 60} 61 62RenderFrameHostManager::PendingNavigationParams::~PendingNavigationParams() {} 63 64bool RenderFrameHostManager::ClearRFHsPendingShutdown(FrameTreeNode* node) { 65 node->render_manager()->pending_delete_hosts_.clear(); 66 return true; 67} 68 69RenderFrameHostManager::RenderFrameHostManager( 70 FrameTreeNode* frame_tree_node, 71 RenderFrameHostDelegate* render_frame_delegate, 72 RenderViewHostDelegate* render_view_delegate, 73 RenderWidgetHostDelegate* render_widget_delegate, 74 Delegate* delegate) 75 : frame_tree_node_(frame_tree_node), 76 delegate_(delegate), 77 cross_navigation_pending_(false), 78 render_frame_delegate_(render_frame_delegate), 79 render_view_delegate_(render_view_delegate), 80 render_widget_delegate_(render_widget_delegate), 81 interstitial_page_(NULL), 82 weak_factory_(this) { 83 DCHECK(frame_tree_node_); 84} 85 86RenderFrameHostManager::~RenderFrameHostManager() { 87 if (pending_render_frame_host_) 88 CancelPending(); 89 90 // We should always have a current RenderFrameHost except in some tests. 91 SetRenderFrameHost(scoped_ptr<RenderFrameHostImpl>()); 92 93 // Delete any swapped out RenderFrameHosts. 94 STLDeleteValues(&proxy_hosts_); 95} 96 97void RenderFrameHostManager::Init(BrowserContext* browser_context, 98 SiteInstance* site_instance, 99 int view_routing_id, 100 int frame_routing_id) { 101 // Create a RenderViewHost and RenderFrameHost, once we have an instance. It 102 // is important to immediately give this SiteInstance to a RenderViewHost so 103 // that the SiteInstance is ref counted. 104 if (!site_instance) 105 site_instance = SiteInstance::Create(browser_context); 106 107 SetRenderFrameHost(CreateRenderFrameHost(site_instance, 108 view_routing_id, 109 frame_routing_id, 110 false, 111 delegate_->IsHidden())); 112 113 // Keep track of renderer processes as they start to shut down or are 114 // crashed/killed. 115 registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED, 116 NotificationService::AllSources()); 117 registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSING, 118 NotificationService::AllSources()); 119} 120 121RenderViewHostImpl* RenderFrameHostManager::current_host() const { 122 if (!render_frame_host_) 123 return NULL; 124 return render_frame_host_->render_view_host(); 125} 126 127RenderViewHostImpl* RenderFrameHostManager::pending_render_view_host() const { 128 if (!pending_render_frame_host_) 129 return NULL; 130 return pending_render_frame_host_->render_view_host(); 131} 132 133RenderWidgetHostView* RenderFrameHostManager::GetRenderWidgetHostView() const { 134 if (interstitial_page_) 135 return interstitial_page_->GetView(); 136 if (!render_frame_host_) 137 return NULL; 138 return render_frame_host_->render_view_host()->GetView(); 139} 140 141RenderFrameProxyHost* RenderFrameHostManager::GetProxyToParent() { 142 if (frame_tree_node_->IsMainFrame()) 143 return NULL; 144 145 RenderFrameProxyHostMap::iterator iter = 146 proxy_hosts_.find(frame_tree_node_->parent() 147 ->render_manager() 148 ->current_frame_host() 149 ->GetSiteInstance() 150 ->GetId()); 151 if (iter == proxy_hosts_.end()) 152 return NULL; 153 154 return iter->second; 155} 156 157void RenderFrameHostManager::SetPendingWebUI(const NavigationEntryImpl& entry) { 158 pending_web_ui_.reset( 159 delegate_->CreateWebUIForRenderManager(entry.GetURL())); 160 pending_and_current_web_ui_.reset(); 161 162 // If we have assigned (zero or more) bindings to this NavigationEntry in the 163 // past, make sure we're not granting it different bindings than it had 164 // before. If so, note it and don't give it any bindings, to avoid a 165 // potential privilege escalation. 166 if (pending_web_ui_.get() && 167 entry.bindings() != NavigationEntryImpl::kInvalidBindings && 168 pending_web_ui_->GetBindings() != entry.bindings()) { 169 RecordAction( 170 base::UserMetricsAction("ProcessSwapBindingsMismatch_RVHM")); 171 pending_web_ui_.reset(); 172 } 173} 174 175RenderFrameHostImpl* RenderFrameHostManager::Navigate( 176 const NavigationEntryImpl& entry) { 177 TRACE_EVENT0("browser", "RenderFrameHostManager:Navigate"); 178 // Create a pending RenderFrameHost to use for the navigation. 179 RenderFrameHostImpl* dest_render_frame_host = UpdateStateForNavigate(entry); 180 if (!dest_render_frame_host) 181 return NULL; // We weren't able to create a pending render frame host. 182 183 // If the current render_frame_host_ isn't live, we should create it so 184 // that we don't show a sad tab while the dest_render_frame_host fetches 185 // its first page. (Bug 1145340) 186 if (dest_render_frame_host != render_frame_host_ && 187 !render_frame_host_->render_view_host()->IsRenderViewLive()) { 188 // Note: we don't call InitRenderView here because we are navigating away 189 // soon anyway, and we don't have the NavigationEntry for this host. 190 delegate_->CreateRenderViewForRenderManager( 191 render_frame_host_->render_view_host(), MSG_ROUTING_NONE, 192 MSG_ROUTING_NONE, frame_tree_node_->IsMainFrame()); 193 } 194 195 // If the renderer crashed, then try to create a new one to satisfy this 196 // navigation request. 197 if (!dest_render_frame_host->render_view_host()->IsRenderViewLive()) { 198 // Recreate the opener chain. 199 int opener_route_id = delegate_->CreateOpenerRenderViewsForRenderManager( 200 dest_render_frame_host->GetSiteInstance()); 201 if (!InitRenderView(dest_render_frame_host->render_view_host(), 202 opener_route_id, 203 MSG_ROUTING_NONE, 204 frame_tree_node_->IsMainFrame())) 205 return NULL; 206 207 // Now that we've created a new renderer, be sure to hide it if it isn't 208 // our primary one. Otherwise, we might crash if we try to call Show() 209 // on it later. 210 if (dest_render_frame_host != render_frame_host_ && 211 dest_render_frame_host->render_view_host()->GetView()) { 212 dest_render_frame_host->render_view_host()->GetView()->Hide(); 213 } else { 214 // Notify here as we won't be calling CommitPending (which does the 215 // notify). 216 delegate_->NotifySwappedFromRenderManager( 217 NULL, render_frame_host_.get(), frame_tree_node_->IsMainFrame()); 218 } 219 } 220 221 // If entry includes the request ID of a request that is being transferred, 222 // the destination render frame will take ownership, so release ownership of 223 // the request. 224 if (pending_nav_params_ && 225 pending_nav_params_->global_request_id == 226 entry.transferred_global_request_id()) { 227 pending_nav_params_->cross_site_transferring_request->ReleaseRequest(); 228 } 229 230 return dest_render_frame_host; 231} 232 233void RenderFrameHostManager::Stop() { 234 render_frame_host_->render_view_host()->Stop(); 235 236 // If we are cross-navigating, we should stop the pending renderers. This 237 // will lead to a DidFailProvisionalLoad, which will properly destroy them. 238 if (cross_navigation_pending_) { 239 pending_render_frame_host_->render_view_host()->Send(new ViewMsg_Stop( 240 pending_render_frame_host_->render_view_host()->GetRoutingID())); 241 } 242} 243 244void RenderFrameHostManager::SetIsLoading(bool is_loading) { 245 render_frame_host_->render_view_host()->SetIsLoading(is_loading); 246 if (pending_render_frame_host_) 247 pending_render_frame_host_->render_view_host()->SetIsLoading(is_loading); 248} 249 250bool RenderFrameHostManager::ShouldCloseTabOnUnresponsiveRenderer() { 251 if (!cross_navigation_pending_) 252 return true; 253 254 // We should always have a pending RFH when there's a cross-process navigation 255 // in progress. Sanity check this for http://crbug.com/276333. 256 CHECK(pending_render_frame_host_); 257 258 // If the tab becomes unresponsive during {before}unload while doing a 259 // cross-site navigation, proceed with the navigation. (This assumes that 260 // the pending RenderFrameHost is still responsive.) 261 if (render_frame_host_->render_view_host()->IsWaitingForUnloadACK()) { 262 // The request has been started and paused while we're waiting for the 263 // unload handler to finish. We'll pretend that it did. The pending 264 // renderer will then be swapped in as part of the usual DidNavigate logic. 265 // (If the unload handler later finishes, this call will be ignored because 266 // the pending_nav_params_ state will already be cleaned up.) 267 current_host()->OnSwappedOut(true); 268 } else if (render_frame_host_->render_view_host()-> 269 is_waiting_for_beforeunload_ack()) { 270 // Haven't gotten around to starting the request, because we're still 271 // waiting for the beforeunload handler to finish. We'll pretend that it 272 // did finish, to let the navigation proceed. Note that there's a danger 273 // that the beforeunload handler will later finish and possibly return 274 // false (meaning the navigation should not proceed), but we'll ignore it 275 // in this case because it took too long. 276 if (pending_render_frame_host_->render_view_host()-> 277 are_navigations_suspended()) { 278 pending_render_frame_host_->render_view_host()->SetNavigationsSuspended( 279 false, base::TimeTicks::Now()); 280 } 281 } 282 return false; 283} 284 285void RenderFrameHostManager::OnBeforeUnloadACK( 286 bool for_cross_site_transition, 287 bool proceed, 288 const base::TimeTicks& proceed_time) { 289 if (for_cross_site_transition) { 290 // Ignore if we're not in a cross-site navigation. 291 if (!cross_navigation_pending_) 292 return; 293 294 if (proceed) { 295 // Ok to unload the current page, so proceed with the cross-site 296 // navigation. Note that if navigations are not currently suspended, it 297 // might be because the renderer was deemed unresponsive and this call was 298 // already made by ShouldCloseTabOnUnresponsiveRenderer. In that case, it 299 // is ok to do nothing here. 300 if (pending_render_frame_host_ && 301 pending_render_frame_host_->render_view_host()-> 302 are_navigations_suspended()) { 303 pending_render_frame_host_->render_view_host()-> 304 SetNavigationsSuspended(false, proceed_time); 305 } 306 } else { 307 // Current page says to cancel. 308 CancelPending(); 309 cross_navigation_pending_ = false; 310 } 311 } else { 312 // Non-cross site transition means closing the entire tab. 313 bool proceed_to_fire_unload; 314 delegate_->BeforeUnloadFiredFromRenderManager(proceed, proceed_time, 315 &proceed_to_fire_unload); 316 317 if (proceed_to_fire_unload) { 318 // If we're about to close the tab and there's a pending RFH, cancel it. 319 // Otherwise, if the navigation in the pending RFH completes before the 320 // close in the current RFH, we'll lose the tab close. 321 if (pending_render_frame_host_) { 322 CancelPending(); 323 cross_navigation_pending_ = false; 324 } 325 326 // This is not a cross-site navigation, the tab is being closed. 327 render_frame_host_->render_view_host()->ClosePage(); 328 } 329 } 330} 331 332void RenderFrameHostManager::OnCrossSiteResponse( 333 RenderFrameHostImpl* pending_render_frame_host, 334 const GlobalRequestID& global_request_id, 335 scoped_ptr<CrossSiteTransferringRequest> cross_site_transferring_request, 336 const std::vector<GURL>& transfer_url_chain, 337 const Referrer& referrer, 338 PageTransition page_transition, 339 bool should_replace_current_entry) { 340 // This should be called either when the pending RFH is ready to commit or 341 // when we realize that the current RFH's request requires a transfer. 342 DCHECK(pending_render_frame_host == pending_render_frame_host_ || 343 pending_render_frame_host == render_frame_host_); 344 345 // TODO(creis): Eventually we will want to check all navigation responses 346 // here, but currently we pass information for a transfer if 347 // ShouldSwapProcessesForRedirect returned true in the network stack. 348 // In that case, we should set up a transfer after the unload handler runs. 349 // If |cross_site_transferring_request| is NULL, we will just run the unload 350 // handler and resume. 351 pending_nav_params_.reset(new PendingNavigationParams( 352 global_request_id, cross_site_transferring_request.Pass(), 353 transfer_url_chain, referrer, page_transition, 354 pending_render_frame_host->GetRoutingID(), 355 should_replace_current_entry)); 356 357 // Run the unload handler of the current page. 358 SwapOutOldPage(); 359} 360 361void RenderFrameHostManager::OnDeferredAfterResponseStarted( 362 const GlobalRequestID& global_request_id, 363 RenderFrameHostImpl* pending_render_frame_host) { 364 DCHECK(!response_started_id_.get()); 365 366 response_started_id_.reset(new GlobalRequestID(global_request_id)); 367} 368 369void RenderFrameHostManager::ResumeResponseDeferredAtStart() { 370 DCHECK(response_started_id_.get()); 371 372 RenderProcessHostImpl* process = 373 static_cast<RenderProcessHostImpl*>(render_frame_host_->GetProcess()); 374 process->ResumeResponseDeferredAtStart(*response_started_id_); 375 376 render_frame_host_->SetHasPendingTransitionRequest(false); 377 378 response_started_id_.reset(); 379} 380 381void RenderFrameHostManager::SwappedOut( 382 RenderFrameHostImpl* render_frame_host) { 383 // Make sure this is from our current RFH, and that we have a pending 384 // navigation from OnCrossSiteResponse. (There may be no pending navigation 385 // for data URLs that don't make network requests, for example.) If not, 386 // just return early and ignore. 387 if (render_frame_host != render_frame_host_ || !pending_nav_params_.get()) { 388 pending_nav_params_.reset(); 389 return; 390 } 391 392 // Now that the unload handler has run, we need to either initiate the 393 // pending transfer (if there is one) or resume the paused response (if not). 394 // TODO(creis): The blank swapped out page is visible during this time, but 395 // we can shorten this by delivering the response directly, rather than 396 // forcing an identical request to be made. 397 if (pending_nav_params_->cross_site_transferring_request) { 398 // Sanity check that the params are for the correct frame and process. 399 // These should match the RenderFrameHost that made the request. 400 // If it started as a cross-process navigation via OpenURL, this is the 401 // pending one. If it wasn't cross-process until the transfer, this is the 402 // current one. 403 int render_frame_id = pending_render_frame_host_ ? 404 pending_render_frame_host_->GetRoutingID() : 405 render_frame_host_->GetRoutingID(); 406 DCHECK_EQ(render_frame_id, pending_nav_params_->render_frame_id); 407 int process_id = pending_render_frame_host_ ? 408 pending_render_frame_host_->GetProcess()->GetID() : 409 render_frame_host_->GetProcess()->GetID(); 410 DCHECK_EQ(process_id, pending_nav_params_->global_request_id.child_id); 411 412 // Treat the last URL in the chain as the destination and the remainder as 413 // the redirect chain. 414 CHECK(pending_nav_params_->transfer_url_chain.size()); 415 GURL transfer_url = pending_nav_params_->transfer_url_chain.back(); 416 pending_nav_params_->transfer_url_chain.pop_back(); 417 418 // We don't know whether the original request had |user_action| set to true. 419 // However, since we force the navigation to be in the current tab, it 420 // doesn't matter. 421 render_frame_host->frame_tree_node()->navigator()->RequestTransferURL( 422 render_frame_host, 423 transfer_url, 424 pending_nav_params_->transfer_url_chain, 425 pending_nav_params_->referrer, 426 pending_nav_params_->page_transition, 427 CURRENT_TAB, 428 pending_nav_params_->global_request_id, 429 pending_nav_params_->should_replace_current_entry, 430 true); 431 } else if (pending_render_frame_host_) { 432 RenderProcessHostImpl* pending_process = 433 static_cast<RenderProcessHostImpl*>( 434 pending_render_frame_host_->GetProcess()); 435 pending_process->ResumeDeferredNavigation( 436 pending_nav_params_->global_request_id); 437 } 438 pending_nav_params_.reset(); 439} 440 441void RenderFrameHostManager::DidNavigateFrame( 442 RenderFrameHostImpl* render_frame_host) { 443 if (!cross_navigation_pending_) { 444 DCHECK(!pending_render_frame_host_); 445 446 // We should only hear this from our current renderer. 447 DCHECK_EQ(render_frame_host_, render_frame_host); 448 449 // Even when there is no pending RVH, there may be a pending Web UI. 450 if (pending_web_ui()) 451 CommitPending(); 452 return; 453 } 454 455 if (render_frame_host == pending_render_frame_host_) { 456 // The pending cross-site navigation completed, so show the renderer. 457 // If it committed without sending network requests (e.g., data URLs), 458 // then we still need to swap out the old RFH first and run its unload 459 // handler, only if it hasn't happened yet. OK for that to happen in the 460 // background. 461 if (pending_render_frame_host_->render_view_host()-> 462 HasPendingCrossSiteRequest() && 463 pending_render_frame_host_->render_view_host()->rvh_state() == 464 RenderViewHostImpl::STATE_DEFAULT) { 465 SwapOutOldPage(); 466 } 467 468 CommitPending(); 469 cross_navigation_pending_ = false; 470 } else if (render_frame_host == render_frame_host_) { 471 // A navigation in the original page has taken place. Cancel the pending 472 // one. 473 CancelPending(); 474 cross_navigation_pending_ = false; 475 } else { 476 // No one else should be sending us DidNavigate in this state. 477 DCHECK(false); 478 } 479} 480 481// TODO(creis): Take in RenderFrameHost instead, since frames can have openers. 482void RenderFrameHostManager::DidDisownOpener(RenderViewHost* render_view_host) { 483 // Notify all swapped out hosts, including the pending RVH. 484 for (RenderFrameProxyHostMap::iterator iter = proxy_hosts_.begin(); 485 iter != proxy_hosts_.end(); 486 ++iter) { 487 DCHECK_NE(iter->second->GetSiteInstance(), 488 current_frame_host()->GetSiteInstance()); 489 iter->second->GetRenderViewHost()->DisownOpener(); 490 } 491} 492 493void RenderFrameHostManager::RendererProcessClosing( 494 RenderProcessHost* render_process_host) { 495 // Remove any swapped out RVHs from this process, so that we don't try to 496 // swap them back in while the process is exiting. Start by finding them, 497 // since there could be more than one. 498 std::list<int> ids_to_remove; 499 for (RenderFrameProxyHostMap::iterator iter = proxy_hosts_.begin(); 500 iter != proxy_hosts_.end(); 501 ++iter) { 502 if (iter->second->GetProcess() == render_process_host) 503 ids_to_remove.push_back(iter->first); 504 } 505 506 // Now delete them. 507 while (!ids_to_remove.empty()) { 508 delete proxy_hosts_[ids_to_remove.back()]; 509 proxy_hosts_.erase(ids_to_remove.back()); 510 ids_to_remove.pop_back(); 511 } 512} 513 514void RenderFrameHostManager::SwapOutOldPage() { 515 // Should only see this while we have a pending renderer or transfer. 516 CHECK(cross_navigation_pending_ || pending_nav_params_.get()); 517 518 // Tell the renderer to suppress any further modal dialogs so that we can swap 519 // it out. This must be done before canceling any current dialog, in case 520 // there is a loop creating additional dialogs. 521 // TODO(creis): Handle modal dialogs in subframe processes. 522 render_frame_host_->render_view_host()->SuppressDialogsUntilSwapOut(); 523 524 // Now close any modal dialogs that would prevent us from swapping out. This 525 // must be done separately from SwapOut, so that the PageGroupLoadDeferrer is 526 // no longer on the stack when we send the SwapOut message. 527 delegate_->CancelModalDialogsForRenderManager(); 528 529 // Create the RenderFrameProxyHost that will replace the 530 // RenderFrameHost which is swapping out. If one exists, ensure it is deleted 531 // from the map and not leaked. 532 RenderFrameProxyHostMap::iterator iter = proxy_hosts_.find( 533 render_frame_host_->GetSiteInstance()->GetId()); 534 if (iter != proxy_hosts_.end()) { 535 delete iter->second; 536 proxy_hosts_.erase(iter); 537 } 538 539 RenderFrameProxyHost* proxy = new RenderFrameProxyHost( 540 render_frame_host_->GetSiteInstance(), frame_tree_node_); 541 proxy_hosts_[render_frame_host_->GetSiteInstance()->GetId()] = proxy; 542 543 // Tell the old frame it is being swapped out. This will fire the unload 544 // handler in the background (without firing the beforeunload handler a second 545 // time). When the navigation completes, we will send a message to the 546 // ResourceDispatcherHost, allowing the pending RVH's response to resume. 547 render_frame_host_->SwapOut(proxy); 548 549 // ResourceDispatcherHost has told us to run the onunload handler, which 550 // means it is not a download or unsafe page, and we are going to perform the 551 // navigation. Thus, we no longer need to remember that the RenderFrameHost 552 // is part of a pending cross-site request. 553 if (pending_render_frame_host_) { 554 pending_render_frame_host_->render_view_host()-> 555 SetHasPendingCrossSiteRequest(false); 556 } 557} 558 559void RenderFrameHostManager::ClearPendingShutdownRFHForSiteInstance( 560 int32 site_instance_id, 561 RenderFrameHostImpl* rfh) { 562 RFHPendingDeleteMap::iterator iter = 563 pending_delete_hosts_.find(site_instance_id); 564 if (iter != pending_delete_hosts_.end() && iter->second.get() == rfh) 565 pending_delete_hosts_.erase(site_instance_id); 566} 567 568void RenderFrameHostManager::ResetProxyHosts() { 569 STLDeleteValues(&proxy_hosts_); 570} 571 572void RenderFrameHostManager::OnBeginNavigation( 573 const FrameHostMsg_BeginNavigation_Params& params) { 574 // TODO(clamy): Check if navigations are blocked and if so, return 575 // immediately. 576 NavigationRequestInfo info(params); 577 578 info.first_party_for_cookies = frame_tree_node_->IsMainFrame() ? 579 params.url : frame_tree_node_->frame_tree()->root()->current_url(); 580 info.is_main_frame = frame_tree_node_->IsMainFrame(); 581 info.parent_is_main_frame = !frame_tree_node_->parent() ? 582 false : frame_tree_node_->parent()->IsMainFrame(); 583 info.is_showing = GetRenderWidgetHostView()->IsShowing(); 584 585 navigation_request_.reset( 586 new NavigationRequest(info, frame_tree_node_->frame_tree_node_id())); 587 navigation_request_->BeginNavigation(params.request_body); 588 // TODO(clamy): If we have no live RenderFrameHost to handle the request (eg 589 // cross-site navigation) spawn one speculatively here and keep track of it. 590} 591 592void RenderFrameHostManager::Observe( 593 int type, 594 const NotificationSource& source, 595 const NotificationDetails& details) { 596 switch (type) { 597 case NOTIFICATION_RENDERER_PROCESS_CLOSED: 598 case NOTIFICATION_RENDERER_PROCESS_CLOSING: 599 RendererProcessClosing( 600 Source<RenderProcessHost>(source).ptr()); 601 break; 602 603 default: 604 NOTREACHED(); 605 } 606} 607 608bool RenderFrameHostManager::ClearProxiesInSiteInstance( 609 int32 site_instance_id, 610 FrameTreeNode* node) { 611 RenderFrameProxyHostMap::iterator iter = 612 node->render_manager()->proxy_hosts_.find(site_instance_id); 613 if (iter != node->render_manager()->proxy_hosts_.end()) { 614 RenderFrameProxyHost* proxy = iter->second; 615 // If the RVH is pending swap out, it needs to switch state to 616 // pending shutdown. Otherwise it is deleted. 617 if (proxy->GetRenderViewHost()->rvh_state() == 618 RenderViewHostImpl::STATE_PENDING_SWAP_OUT) { 619 scoped_ptr<RenderFrameHostImpl> swapped_out_rfh = 620 proxy->PassFrameHostOwnership(); 621 622 swapped_out_rfh->SetPendingShutdown(base::Bind( 623 &RenderFrameHostManager::ClearPendingShutdownRFHForSiteInstance, 624 node->render_manager()->weak_factory_.GetWeakPtr(), 625 site_instance_id, 626 swapped_out_rfh.get())); 627 RFHPendingDeleteMap::iterator pending_delete_iter = 628 node->render_manager()->pending_delete_hosts_.find(site_instance_id); 629 if (pending_delete_iter == 630 node->render_manager()->pending_delete_hosts_.end() || 631 pending_delete_iter->second.get() != swapped_out_rfh) { 632 node->render_manager()->pending_delete_hosts_[site_instance_id] = 633 linked_ptr<RenderFrameHostImpl>(swapped_out_rfh.release()); 634 } 635 } 636 delete proxy; 637 node->render_manager()->proxy_hosts_.erase(site_instance_id); 638 } 639 640 return true; 641} 642 643bool RenderFrameHostManager::ShouldTransitionCrossSite() { 644 // False in the single-process mode, as it makes RVHs to accumulate 645 // in swapped_out_hosts_. 646 // True if we are using process-per-site-instance (default) or 647 // process-per-site (kProcessPerSite). 648 return 649 !CommandLine::ForCurrentProcess()->HasSwitch(switches::kSingleProcess) && 650 !CommandLine::ForCurrentProcess()->HasSwitch(switches::kProcessPerTab); 651} 652 653bool RenderFrameHostManager::ShouldSwapBrowsingInstancesForNavigation( 654 const NavigationEntry* current_entry, 655 const NavigationEntryImpl* new_entry) const { 656 DCHECK(new_entry); 657 658 // If new_entry already has a SiteInstance, assume it is correct. We only 659 // need to force a swap if it is in a different BrowsingInstance. 660 if (new_entry->site_instance()) { 661 return !new_entry->site_instance()->IsRelatedSiteInstance( 662 render_frame_host_->GetSiteInstance()); 663 } 664 665 // Check for reasons to swap processes even if we are in a process model that 666 // doesn't usually swap (e.g., process-per-tab). Any time we return true, 667 // the new_entry will be rendered in a new SiteInstance AND BrowsingInstance. 668 669 // We use the effective URL here, since that's what is used in the 670 // SiteInstance's site and when we later call IsSameWebSite. If there is no 671 // current_entry, check the current SiteInstance's site, which might already 672 // be committed to a Web UI URL (such as the NTP). 673 BrowserContext* browser_context = 674 delegate_->GetControllerForRenderManager().GetBrowserContext(); 675 const GURL& current_url = (current_entry) ? 676 SiteInstanceImpl::GetEffectiveURL(browser_context, 677 current_entry->GetURL()) : 678 render_frame_host_->GetSiteInstance()->GetSiteURL(); 679 const GURL& new_url = SiteInstanceImpl::GetEffectiveURL(browser_context, 680 new_entry->GetURL()); 681 682 // Don't force a new BrowsingInstance for debug URLs that are handled in the 683 // renderer process, like javascript: or chrome://crash. 684 if (IsRendererDebugURL(new_url)) 685 return false; 686 687 // For security, we should transition between processes when one is a Web UI 688 // page and one isn't. 689 if (WebUIControllerFactoryRegistry::GetInstance()->UseWebUIForURL( 690 browser_context, current_url)) { 691 // If so, force a swap if destination is not an acceptable URL for Web UI. 692 // Here, data URLs are never allowed. 693 if (!WebUIControllerFactoryRegistry::GetInstance()->IsURLAcceptableForWebUI( 694 browser_context, new_url)) { 695 return true; 696 } 697 } else { 698 // Force a swap if it's a Web UI URL. 699 if (WebUIControllerFactoryRegistry::GetInstance()->UseWebUIForURL( 700 browser_context, new_url)) { 701 return true; 702 } 703 } 704 705 // Check with the content client as well. Important to pass current_url here, 706 // which uses the SiteInstance's site if there is no current_entry. 707 if (GetContentClient()->browser()->ShouldSwapBrowsingInstancesForNavigation( 708 render_frame_host_->GetSiteInstance(), 709 current_url, new_url)) { 710 return true; 711 } 712 713 // We can't switch a RenderView between view source and non-view source mode 714 // without screwing up the session history sometimes (when navigating between 715 // "view-source:http://foo.com/" and "http://foo.com/", Blink doesn't treat 716 // it as a new navigation). So require a BrowsingInstance switch. 717 if (current_entry && 718 current_entry->IsViewSourceMode() != new_entry->IsViewSourceMode()) 719 return true; 720 721 return false; 722} 723 724bool RenderFrameHostManager::ShouldReuseWebUI( 725 const NavigationEntry* current_entry, 726 const NavigationEntryImpl* new_entry) const { 727 NavigationControllerImpl& controller = 728 delegate_->GetControllerForRenderManager(); 729 return current_entry && web_ui_.get() && 730 (WebUIControllerFactoryRegistry::GetInstance()->GetWebUIType( 731 controller.GetBrowserContext(), current_entry->GetURL()) == 732 WebUIControllerFactoryRegistry::GetInstance()->GetWebUIType( 733 controller.GetBrowserContext(), new_entry->GetURL())); 734} 735 736SiteInstance* RenderFrameHostManager::GetSiteInstanceForEntry( 737 const NavigationEntryImpl& entry, 738 SiteInstance* current_instance, 739 bool force_browsing_instance_swap) { 740 // Determine which SiteInstance to use for navigating to |entry|. 741 const GURL& dest_url = entry.GetURL(); 742 NavigationControllerImpl& controller = 743 delegate_->GetControllerForRenderManager(); 744 BrowserContext* browser_context = controller.GetBrowserContext(); 745 746 // If the entry has an instance already we should use it. 747 if (entry.site_instance()) { 748 // If we are forcing a swap, this should be in a different BrowsingInstance. 749 if (force_browsing_instance_swap) { 750 CHECK(!entry.site_instance()->IsRelatedSiteInstance( 751 render_frame_host_->GetSiteInstance())); 752 } 753 return entry.site_instance(); 754 } 755 756 // If a swap is required, we need to force the SiteInstance AND 757 // BrowsingInstance to be different ones, using CreateForURL. 758 if (force_browsing_instance_swap) 759 return SiteInstance::CreateForURL(browser_context, dest_url); 760 761 // (UGLY) HEURISTIC, process-per-site only: 762 // 763 // If this navigation is generated, then it probably corresponds to a search 764 // query. Given that search results typically lead to users navigating to 765 // other sites, we don't really want to use the search engine hostname to 766 // determine the site instance for this navigation. 767 // 768 // NOTE: This can be removed once we have a way to transition between 769 // RenderViews in response to a link click. 770 // 771 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kProcessPerSite) && 772 PageTransitionCoreTypeIs(entry.GetTransitionType(), 773 PAGE_TRANSITION_GENERATED)) { 774 return current_instance; 775 } 776 777 SiteInstanceImpl* current_site_instance = 778 static_cast<SiteInstanceImpl*>(current_instance); 779 780 // If we haven't used our SiteInstance (and thus RVH) yet, then we can use it 781 // for this entry. We won't commit the SiteInstance to this site until the 782 // navigation commits (in DidNavigate), unless the navigation entry was 783 // restored or it's a Web UI as described below. 784 if (!current_site_instance->HasSite()) { 785 // If we've already created a SiteInstance for our destination, we don't 786 // want to use this unused SiteInstance; use the existing one. (We don't 787 // do this check if the current_instance has a site, because for now, we 788 // want to compare against the current URL and not the SiteInstance's site. 789 // In this case, there is no current URL, so comparing against the site is 790 // ok. See additional comments below.) 791 // 792 // Also, if the URL should use process-per-site mode and there is an 793 // existing process for the site, we should use it. We can call 794 // GetRelatedSiteInstance() for this, which will eagerly set the site and 795 // thus use the correct process. 796 bool use_process_per_site = 797 RenderProcessHost::ShouldUseProcessPerSite(browser_context, dest_url) && 798 RenderProcessHostImpl::GetProcessHostForSite(browser_context, dest_url); 799 if (current_site_instance->HasRelatedSiteInstance(dest_url) || 800 use_process_per_site) { 801 return current_site_instance->GetRelatedSiteInstance(dest_url); 802 } 803 804 // For extensions, Web UI URLs (such as the new tab page), and apps we do 805 // not want to use the current_instance if it has no site, since it will 806 // have a RenderProcessHost of PRIV_NORMAL. Create a new SiteInstance for 807 // this URL instead (with the correct process type). 808 if (current_site_instance->HasWrongProcessForURL(dest_url)) 809 return current_site_instance->GetRelatedSiteInstance(dest_url); 810 811 // View-source URLs must use a new SiteInstance and BrowsingInstance. 812 // TODO(nasko): This is the same condition as later in the function. This 813 // should be taken into account when refactoring this method as part of 814 // http://crbug.com/123007. 815 if (entry.IsViewSourceMode()) 816 return SiteInstance::CreateForURL(browser_context, dest_url); 817 818 // If we are navigating from a blank SiteInstance to a WebUI, make sure we 819 // create a new SiteInstance. 820 if (WebUIControllerFactoryRegistry::GetInstance()->UseWebUIForURL( 821 browser_context, dest_url)) { 822 return SiteInstance::CreateForURL(browser_context, dest_url); 823 } 824 825 // Normally the "site" on the SiteInstance is set lazily when the load 826 // actually commits. This is to support better process sharing in case 827 // the site redirects to some other site: we want to use the destination 828 // site in the site instance. 829 // 830 // In the case of session restore, as it loads all the pages immediately 831 // we need to set the site first, otherwise after a restore none of the 832 // pages would share renderers in process-per-site. 833 // 834 // The embedder can request some urls never to be assigned to SiteInstance 835 // through the ShouldAssignSiteForURL() content client method, so that 836 // renderers created for particular chrome urls (e.g. the chrome-native:// 837 // scheme) can be reused for subsequent navigations in the same WebContents. 838 // See http://crbug.com/386542. 839 if (entry.restore_type() != NavigationEntryImpl::RESTORE_NONE && 840 GetContentClient()->browser()->ShouldAssignSiteForURL(dest_url)) { 841 current_site_instance->SetSite(dest_url); 842 } 843 844 return current_site_instance; 845 } 846 847 // Otherwise, only create a new SiteInstance for a cross-site navigation. 848 849 // TODO(creis): Once we intercept links and script-based navigations, we 850 // will be able to enforce that all entries in a SiteInstance actually have 851 // the same site, and it will be safe to compare the URL against the 852 // SiteInstance's site, as follows: 853 // const GURL& current_url = current_instance->site(); 854 // For now, though, we're in a hybrid model where you only switch 855 // SiteInstances if you type in a cross-site URL. This means we have to 856 // compare the entry's URL to the last committed entry's URL. 857 NavigationEntry* current_entry = controller.GetLastCommittedEntry(); 858 if (interstitial_page_) { 859 // The interstitial is currently the last committed entry, but we want to 860 // compare against the last non-interstitial entry. 861 current_entry = controller.GetEntryAtOffset(-1); 862 } 863 // If there is no last non-interstitial entry (and current_instance already 864 // has a site), then we must have been opened from another tab. We want 865 // to compare against the URL of the page that opened us, but we can't 866 // get to it directly. The best we can do is check against the site of 867 // the SiteInstance. This will be correct when we intercept links and 868 // script-based navigations, but for now, it could place some pages in a 869 // new process unnecessarily. We should only hit this case if a page tries 870 // to open a new tab to an interstitial-inducing URL, and then navigates 871 // the page to a different same-site URL. (This seems very unlikely in 872 // practice.) 873 const GURL& current_url = (current_entry) ? current_entry->GetURL() : 874 current_instance->GetSiteURL(); 875 876 // View-source URLs must use a new SiteInstance and BrowsingInstance. 877 // We don't need a swap when going from view-source to a debug URL like 878 // chrome://crash, however. 879 // TODO(creis): Refactor this method so this duplicated code isn't needed. 880 // See http://crbug.com/123007. 881 if (current_entry && 882 current_entry->IsViewSourceMode() != entry.IsViewSourceMode() && 883 !IsRendererDebugURL(dest_url)) { 884 return SiteInstance::CreateForURL(browser_context, dest_url); 885 } 886 887 // Use the current SiteInstance for same site navigations, as long as the 888 // process type is correct. (The URL may have been installed as an app since 889 // the last time we visited it.) 890 if (SiteInstance::IsSameWebSite(browser_context, current_url, dest_url) && 891 !current_site_instance->HasWrongProcessForURL(dest_url)) { 892 return current_instance; 893 } 894 895 // Start the new renderer in a new SiteInstance, but in the current 896 // BrowsingInstance. It is important to immediately give this new 897 // SiteInstance to a RenderViewHost (if it is different than our current 898 // SiteInstance), so that it is ref counted. This will happen in 899 // CreateRenderView. 900 return current_instance->GetRelatedSiteInstance(dest_url); 901} 902 903scoped_ptr<RenderFrameHostImpl> RenderFrameHostManager::CreateRenderFrameHost( 904 SiteInstance* site_instance, 905 int view_routing_id, 906 int frame_routing_id, 907 bool swapped_out, 908 bool hidden) { 909 if (frame_routing_id == MSG_ROUTING_NONE) 910 frame_routing_id = site_instance->GetProcess()->GetNextRoutingID(); 911 912 // Create a RVH for main frames, or find the existing one for subframes. 913 FrameTree* frame_tree = frame_tree_node_->frame_tree(); 914 RenderViewHostImpl* render_view_host = NULL; 915 if (frame_tree_node_->IsMainFrame()) { 916 render_view_host = frame_tree->CreateRenderViewHostForMainFrame( 917 site_instance, view_routing_id, frame_routing_id, swapped_out, hidden); 918 } else { 919 render_view_host = frame_tree->GetRenderViewHostForSubFrame(site_instance); 920 921 // If we haven't found a RVH for a subframe RFH, it's because we currently 922 // do not create top-level RFHs for pending subframe navigations. Create 923 // the RVH here for now. 924 // TODO(creis): Mirror the frame tree so this check isn't necessary. 925 if (!render_view_host) { 926 render_view_host = frame_tree->CreateRenderViewHostForMainFrame( 927 site_instance, view_routing_id, frame_routing_id, swapped_out, 928 hidden); 929 } 930 } 931 932 // TODO(creis): Pass hidden to RFH. 933 scoped_ptr<RenderFrameHostImpl> render_frame_host = 934 make_scoped_ptr(RenderFrameHostFactory::Create(render_view_host, 935 render_frame_delegate_, 936 frame_tree, 937 frame_tree_node_, 938 frame_routing_id, 939 swapped_out).release()); 940 return render_frame_host.Pass(); 941} 942 943int RenderFrameHostManager::CreateRenderFrame( 944 SiteInstance* instance, 945 int opener_route_id, 946 bool swapped_out, 947 bool hidden) { 948 CHECK(instance); 949 DCHECK(!swapped_out || hidden); // Swapped out views should always be hidden. 950 951 scoped_ptr<RenderFrameHostImpl> new_render_frame_host; 952 RenderFrameHostImpl* frame_to_announce = NULL; 953 int routing_id = MSG_ROUTING_NONE; 954 955 // We are creating a pending or swapped out RFH here. We should never create 956 // it in the same SiteInstance as our current RFH. 957 CHECK_NE(render_frame_host_->GetSiteInstance(), instance); 958 959 // Check if we've already created an RFH for this SiteInstance. If so, try 960 // to re-use the existing one, which has already been initialized. We'll 961 // remove it from the list of swapped out hosts if it commits. 962 RenderFrameProxyHost* proxy = GetRenderFrameProxyHost(instance); 963 964 if (proxy) { 965 routing_id = proxy->GetRenderViewHost()->GetRoutingID(); 966 // Delete the existing RenderFrameProxyHost, but reuse the RenderFrameHost. 967 // Prevent the process from exiting while we're trying to use it. 968 if (!swapped_out) { 969 new_render_frame_host = proxy->PassFrameHostOwnership(); 970 new_render_frame_host->GetProcess()->AddPendingView(); 971 972 proxy_hosts_.erase(instance->GetId()); 973 delete proxy; 974 975 // When a new render view is created by the renderer, the new WebContents 976 // gets a RenderViewHost in the SiteInstance of its opener WebContents. 977 // If not used in the first navigation, this RVH is swapped out and is not 978 // granted bindings, so we may need to grant them when swapping it in. 979 if (pending_web_ui() && 980 !new_render_frame_host->GetProcess()->IsIsolatedGuest()) { 981 int required_bindings = pending_web_ui()->GetBindings(); 982 RenderViewHost* rvh = new_render_frame_host->render_view_host(); 983 if ((rvh->GetEnabledBindings() & required_bindings) != 984 required_bindings) { 985 rvh->AllowBindings(required_bindings); 986 } 987 } 988 } 989 } else { 990 // Create a new RenderFrameHost if we don't find an existing one. 991 new_render_frame_host = CreateRenderFrameHost( 992 instance, MSG_ROUTING_NONE, MSG_ROUTING_NONE, swapped_out, hidden); 993 RenderViewHostImpl* render_view_host = 994 new_render_frame_host->render_view_host(); 995 int proxy_routing_id = MSG_ROUTING_NONE; 996 997 // Prevent the process from exiting while we're trying to navigate in it. 998 // Otherwise, if the new RFH is swapped out already, store it. 999 if (!swapped_out) { 1000 new_render_frame_host->GetProcess()->AddPendingView(); 1001 } else { 1002 proxy = new RenderFrameProxyHost( 1003 new_render_frame_host->GetSiteInstance(), frame_tree_node_); 1004 proxy_hosts_[instance->GetId()] = proxy; 1005 proxy->TakeFrameHostOwnership(new_render_frame_host.Pass()); 1006 proxy_routing_id = proxy->GetRoutingID(); 1007 } 1008 1009 bool success = InitRenderView( 1010 render_view_host, opener_route_id, proxy_routing_id, 1011 frame_tree_node_->IsMainFrame()); 1012 if (success && frame_tree_node_->IsMainFrame()) { 1013 // Don't show the main frame's view until we get a DidNavigate from it. 1014 render_view_host->GetView()->Hide(); 1015 } else if (!swapped_out && pending_render_frame_host_) { 1016 CancelPending(); 1017 } 1018 routing_id = render_view_host->GetRoutingID(); 1019 frame_to_announce = new_render_frame_host.get(); 1020 } 1021 1022 // Use this as our new pending RFH if it isn't swapped out. 1023 if (!swapped_out) 1024 pending_render_frame_host_ = new_render_frame_host.Pass(); 1025 1026 // If a brand new RFH was created, announce it to observers. 1027 if (frame_to_announce) 1028 render_frame_delegate_->RenderFrameCreated(frame_to_announce); 1029 1030 return routing_id; 1031} 1032 1033bool RenderFrameHostManager::InitRenderView(RenderViewHost* render_view_host, 1034 int opener_route_id, 1035 int proxy_routing_id, 1036 bool for_main_frame) { 1037 // We may have initialized this RenderViewHost for another RenderFrameHost. 1038 if (render_view_host->IsRenderViewLive()) 1039 return true; 1040 1041 // If the pending navigation is to a WebUI and the RenderView is not in a 1042 // guest process, tell the RenderViewHost about any bindings it will need 1043 // enabled. 1044 if (pending_web_ui() && !render_view_host->GetProcess()->IsIsolatedGuest()) { 1045 render_view_host->AllowBindings(pending_web_ui()->GetBindings()); 1046 } else { 1047 // Ensure that we don't create an unprivileged RenderView in a WebUI-enabled 1048 // process unless it's swapped out. 1049 RenderViewHostImpl* rvh_impl = 1050 static_cast<RenderViewHostImpl*>(render_view_host); 1051 if (!rvh_impl->IsSwappedOut()) { 1052 CHECK(!ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings( 1053 render_view_host->GetProcess()->GetID())); 1054 } 1055 } 1056 1057 return delegate_->CreateRenderViewForRenderManager( 1058 render_view_host, opener_route_id, proxy_routing_id, for_main_frame); 1059} 1060 1061void RenderFrameHostManager::CommitPending() { 1062 // First check whether we're going to want to focus the location bar after 1063 // this commit. We do this now because the navigation hasn't formally 1064 // committed yet, so if we've already cleared |pending_web_ui_| the call chain 1065 // this triggers won't be able to figure out what's going on. 1066 bool will_focus_location_bar = delegate_->FocusLocationBarByDefault(); 1067 1068 // We expect SwapOutOldPage to have canceled any modal dialogs and told the 1069 // renderer to suppress any further dialogs until it is swapped out. However, 1070 // crash reports indicate that it's still possible for modal dialogs to exist 1071 // at this point, which poses a risk if we delete their RenderViewHost below. 1072 // Cancel them again to be safe. http://crbug.com/324320. 1073 delegate_->CancelModalDialogsForRenderManager(); 1074 1075 // Next commit the Web UI, if any. Either replace |web_ui_| with 1076 // |pending_web_ui_|, or clear |web_ui_| if there is no pending WebUI, or 1077 // leave |web_ui_| as is if reusing it. 1078 DCHECK(!(pending_web_ui_.get() && pending_and_current_web_ui_.get())); 1079 if (pending_web_ui_) { 1080 web_ui_.reset(pending_web_ui_.release()); 1081 } else if (!pending_and_current_web_ui_.get()) { 1082 web_ui_.reset(); 1083 } else { 1084 DCHECK_EQ(pending_and_current_web_ui_.get(), web_ui_.get()); 1085 pending_and_current_web_ui_.reset(); 1086 } 1087 1088 // It's possible for the pending_render_frame_host_ to be NULL when we aren't 1089 // crossing process boundaries. If so, we just needed to handle the Web UI 1090 // committing above and we're done. 1091 if (!pending_render_frame_host_) { 1092 if (will_focus_location_bar) 1093 delegate_->SetFocusToLocationBar(false); 1094 return; 1095 } 1096 1097 // Remember if the page was focused so we can focus the new renderer in 1098 // that case. 1099 bool focus_render_view = !will_focus_location_bar && 1100 render_frame_host_->render_view_host()->GetView() && 1101 render_frame_host_->render_view_host()->GetView()->HasFocus(); 1102 1103 // TODO(creis): As long as show/hide are on RVH, we don't want to do them for 1104 // subframe navigations or they'll interfere with the top-level page. 1105 bool is_main_frame = frame_tree_node_->IsMainFrame(); 1106 1107 // Swap in the pending frame and make it active. Also ensure the FrameTree 1108 // stays in sync. 1109 scoped_ptr<RenderFrameHostImpl> old_render_frame_host = 1110 SetRenderFrameHost(pending_render_frame_host_.Pass()); 1111 if (is_main_frame) 1112 render_frame_host_->render_view_host()->AttachToFrameTree(); 1113 1114 // The process will no longer try to exit, so we can decrement the count. 1115 render_frame_host_->GetProcess()->RemovePendingView(); 1116 1117 // If the view is gone, then this RenderViewHost died while it was hidden. 1118 // We ignored the RenderProcessGone call at the time, so we should send it now 1119 // to make sure the sad tab shows up, etc. 1120 if (!render_frame_host_->render_view_host()->GetView()) { 1121 delegate_->RenderProcessGoneFromRenderManager( 1122 render_frame_host_->render_view_host()); 1123 } else if (!delegate_->IsHidden()) { 1124 render_frame_host_->render_view_host()->GetView()->Show(); 1125 } 1126 1127 // If the old view is live and top-level, hide it now that the new one is 1128 // visible. 1129 int32 old_site_instance_id = 1130 old_render_frame_host->GetSiteInstance()->GetId(); 1131 if (old_render_frame_host->render_view_host()->GetView()) { 1132 if (is_main_frame) { 1133 old_render_frame_host->render_view_host()->GetView()->Hide(); 1134 old_render_frame_host->render_view_host()->WasSwappedOut(base::Bind( 1135 &RenderFrameHostManager::ClearPendingShutdownRFHForSiteInstance, 1136 weak_factory_.GetWeakPtr(), 1137 old_site_instance_id, 1138 old_render_frame_host.get())); 1139 } else { 1140 // TODO(creis): We'll need to set this back to false if we navigate back. 1141 old_render_frame_host->set_swapped_out(true); 1142 } 1143 } 1144 1145 // Make sure the size is up to date. (Fix for bug 1079768.) 1146 delegate_->UpdateRenderViewSizeForRenderManager(); 1147 1148 if (will_focus_location_bar) { 1149 delegate_->SetFocusToLocationBar(false); 1150 } else if (focus_render_view && 1151 render_frame_host_->render_view_host()->GetView()) { 1152 render_frame_host_->render_view_host()->GetView()->Focus(); 1153 } 1154 1155 // Notify that we've swapped RenderFrameHosts. We do this before shutting down 1156 // the RFH so that we can clean up RendererResources related to the RFH first. 1157 delegate_->NotifySwappedFromRenderManager( 1158 old_render_frame_host.get(), render_frame_host_.get(), is_main_frame); 1159 1160 // If the old RFH is not live, just return as there is no work to do. 1161 if (!old_render_frame_host->render_view_host()->IsRenderViewLive()) { 1162 return; 1163 } 1164 1165 // If the old RFH is live, we are swapping it out and should keep track of 1166 // it in case we navigate back to it, or it is waiting for the unload event 1167 // to execute in the background. 1168 // TODO(creis): Swap out the subframe in --site-per-process. 1169 if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess)) 1170 DCHECK(old_render_frame_host->is_swapped_out() || 1171 !RenderViewHostImpl::IsRVHStateActive( 1172 old_render_frame_host->render_view_host()->rvh_state())); 1173 1174 // If the RenderViewHost backing the RenderFrameHost is pending shutdown, 1175 // the RenderFrameHost should be put in the map of RenderFrameHosts pending 1176 // shutdown. Otherwise, it is stored in the map of proxy hosts. 1177 if (old_render_frame_host->render_view_host()->rvh_state() == 1178 RenderViewHostImpl::STATE_PENDING_SHUTDOWN) { 1179 // The proxy for this RenderFrameHost is created when sending the 1180 // SwapOut message, so check if it already exists and delete it. 1181 RenderFrameProxyHostMap::iterator iter = 1182 proxy_hosts_.find(old_site_instance_id); 1183 if (iter != proxy_hosts_.end()) { 1184 delete iter->second; 1185 proxy_hosts_.erase(iter); 1186 } 1187 RFHPendingDeleteMap::iterator pending_delete_iter = 1188 pending_delete_hosts_.find(old_site_instance_id); 1189 if (pending_delete_iter == pending_delete_hosts_.end() || 1190 pending_delete_iter->second.get() != old_render_frame_host) { 1191 pending_delete_hosts_[old_site_instance_id] = 1192 linked_ptr<RenderFrameHostImpl>(old_render_frame_host.release()); 1193 } 1194 } else { 1195 // Capture the active view count on the old RFH SiteInstance, since the 1196 // ownership will be passed into the proxy and the pointer will be invalid. 1197 int active_view_count = 1198 static_cast<SiteInstanceImpl*>(old_render_frame_host->GetSiteInstance()) 1199 ->active_view_count(); 1200 1201 RenderFrameProxyHostMap::iterator iter = 1202 proxy_hosts_.find(old_site_instance_id); 1203 CHECK(iter != proxy_hosts_.end()); 1204 iter->second->TakeFrameHostOwnership(old_render_frame_host.Pass()); 1205 1206 // If there are no active views in this SiteInstance, it means that 1207 // this RFH was the last active one in the SiteInstance. Now that we 1208 // know that all RFHs are swapped out, we can delete all the RFHs and RVHs 1209 // in this SiteInstance. 1210 if (!active_view_count) { 1211 ShutdownRenderFrameHostsInSiteInstance(old_site_instance_id); 1212 } else { 1213 // If this is a subframe, it should have a CrossProcessFrameConnector 1214 // created already and we just need to link it to the proper view in the 1215 // new process. 1216 if (!is_main_frame) { 1217 RenderFrameProxyHost* proxy = GetProxyToParent(); 1218 if (proxy) { 1219 proxy->SetChildRWHView( 1220 render_frame_host_->render_view_host()->GetView()); 1221 } 1222 } 1223 } 1224 } 1225} 1226 1227void RenderFrameHostManager::ShutdownRenderFrameHostsInSiteInstance( 1228 int32 site_instance_id) { 1229 // First remove any swapped out RFH for this SiteInstance from our own list. 1230 ClearProxiesInSiteInstance(site_instance_id, frame_tree_node_); 1231 1232 // Use the safe RenderWidgetHost iterator for now to find all RenderViewHosts 1233 // in the SiteInstance, then tell their respective FrameTrees to remove all 1234 // RenderFrameProxyHosts corresponding to them. 1235 // TODO(creis): Replace this with a RenderFrameHostIterator that protects 1236 // against use-after-frees if a later element is deleted before getting to it. 1237 scoped_ptr<RenderWidgetHostIterator> widgets( 1238 RenderWidgetHostImpl::GetAllRenderWidgetHosts()); 1239 while (RenderWidgetHost* widget = widgets->GetNextHost()) { 1240 if (!widget->IsRenderView()) 1241 continue; 1242 RenderViewHostImpl* rvh = 1243 static_cast<RenderViewHostImpl*>(RenderViewHost::From(widget)); 1244 if (site_instance_id == rvh->GetSiteInstance()->GetId()) { 1245 // This deletes all RenderFrameHosts using the |rvh|, which then causes 1246 // |rvh| to Shutdown. 1247 FrameTree* tree = rvh->GetDelegate()->GetFrameTree(); 1248 tree->ForEach(base::Bind( 1249 &RenderFrameHostManager::ClearProxiesInSiteInstance, 1250 site_instance_id)); 1251 } 1252 } 1253} 1254 1255RenderFrameHostImpl* RenderFrameHostManager::UpdateStateForNavigate( 1256 const NavigationEntryImpl& entry) { 1257 // If we are currently navigating cross-process, we want to get back to normal 1258 // and then navigate as usual. 1259 if (cross_navigation_pending_) { 1260 if (pending_render_frame_host_) 1261 CancelPending(); 1262 cross_navigation_pending_ = false; 1263 } 1264 1265 // render_frame_host_'s SiteInstance and new_instance will not be deleted 1266 // before the end of this method, so we don't have to worry about their ref 1267 // counts dropping to zero. 1268 SiteInstance* current_instance = render_frame_host_->GetSiteInstance(); 1269 SiteInstance* new_instance = current_instance; 1270 1271 // We do not currently swap processes for navigations in webview tag guests. 1272 bool is_guest_scheme = current_instance->GetSiteURL().SchemeIs(kGuestScheme); 1273 1274 // Determine if we need a new BrowsingInstance for this entry. If true, this 1275 // implies that it will get a new SiteInstance (and likely process), and that 1276 // other tabs in the current BrowsingInstance will be unable to script it. 1277 // This is used for cases that require a process swap even in the 1278 // process-per-tab model, such as WebUI pages. 1279 const NavigationEntry* current_entry = 1280 delegate_->GetLastCommittedNavigationEntryForRenderManager(); 1281 bool force_swap = !is_guest_scheme && 1282 ShouldSwapBrowsingInstancesForNavigation(current_entry, &entry); 1283 if (!is_guest_scheme && (ShouldTransitionCrossSite() || force_swap)) 1284 new_instance = GetSiteInstanceForEntry(entry, current_instance, force_swap); 1285 1286 // If force_swap is true, we must use a different SiteInstance. If we didn't, 1287 // we would have two RenderFrameHosts in the same SiteInstance and the same 1288 // frame, resulting in page_id conflicts for their NavigationEntries. 1289 if (force_swap) 1290 CHECK_NE(new_instance, current_instance); 1291 1292 if (new_instance != current_instance) { 1293 // New SiteInstance: create a pending RFH to navigate. 1294 DCHECK(!cross_navigation_pending_); 1295 1296 // This will possibly create (set to NULL) a Web UI object for the pending 1297 // page. We'll use this later to give the page special access. This must 1298 // happen before the new renderer is created below so it will get bindings. 1299 // It must also happen after the above conditional call to CancelPending(), 1300 // otherwise CancelPending may clear the pending_web_ui_ and the page will 1301 // not have its bindings set appropriately. 1302 SetPendingWebUI(entry); 1303 1304 // Ensure that we have created RFHs for the new RFH's opener chain if 1305 // we are staying in the same BrowsingInstance. This allows the pending RFH 1306 // to send cross-process script calls to its opener(s). 1307 int opener_route_id = MSG_ROUTING_NONE; 1308 if (new_instance->IsRelatedSiteInstance(current_instance)) { 1309 opener_route_id = 1310 delegate_->CreateOpenerRenderViewsForRenderManager(new_instance); 1311 } 1312 1313 // Create a non-swapped-out pending RFH with the given opener and navigate 1314 // it. 1315 int route_id = CreateRenderFrame(new_instance, opener_route_id, false, 1316 delegate_->IsHidden()); 1317 if (route_id == MSG_ROUTING_NONE) 1318 return NULL; 1319 1320 // Check if our current RFH is live before we set up a transition. 1321 if (!render_frame_host_->render_view_host()->IsRenderViewLive()) { 1322 if (!cross_navigation_pending_) { 1323 // The current RFH is not live. There's no reason to sit around with a 1324 // sad tab or a newly created RFH while we wait for the pending RFH to 1325 // navigate. Just switch to the pending RFH now and go back to non 1326 // cross-navigating (Note that we don't care about on{before}unload 1327 // handlers if the current RFH isn't live.) 1328 CommitPending(); 1329 return render_frame_host_.get(); 1330 } else { 1331 NOTREACHED(); 1332 return render_frame_host_.get(); 1333 } 1334 } 1335 // Otherwise, it's safe to treat this as a pending cross-site transition. 1336 1337 // We need to wait until the beforeunload handler has run, unless we are 1338 // transferring an existing request (in which case it has already run). 1339 // Suspend the new render view (i.e., don't let it send the cross-site 1340 // Navigate message) until we hear back from the old renderer's 1341 // beforeunload handler. If the handler returns false, we'll have to 1342 // cancel the request. 1343 DCHECK(!pending_render_frame_host_->render_view_host()-> 1344 are_navigations_suspended()); 1345 bool is_transfer = 1346 entry.transferred_global_request_id() != GlobalRequestID(); 1347 if (is_transfer) { 1348 // We don't need to stop the old renderer or run beforeunload/unload 1349 // handlers, because those have already been done. 1350 DCHECK(pending_nav_params_->global_request_id == 1351 entry.transferred_global_request_id()); 1352 } else { 1353 // Also make sure the old render view stops, in case a load is in 1354 // progress. (We don't want to do this for transfers, since it will 1355 // interrupt the transfer with an unexpected DidStopLoading.) 1356 render_frame_host_->render_view_host()->Send(new ViewMsg_Stop( 1357 render_frame_host_->render_view_host()->GetRoutingID())); 1358 1359 pending_render_frame_host_->render_view_host()->SetNavigationsSuspended( 1360 true, base::TimeTicks()); 1361 1362 // Tell the CrossSiteRequestManager that this RVH has a pending cross-site 1363 // request, so that ResourceDispatcherHost will know to tell us to run the 1364 // old page's unload handler before it sends the response. 1365 // TODO(creis): This needs to be on the RFH. 1366 pending_render_frame_host_->render_view_host()-> 1367 SetHasPendingCrossSiteRequest(true); 1368 } 1369 1370 // We now have a pending RFH. 1371 DCHECK(!cross_navigation_pending_); 1372 cross_navigation_pending_ = true; 1373 1374 // Unless we are transferring an existing request, we should now 1375 // tell the old render view to run its beforeunload handler, since it 1376 // doesn't otherwise know that the cross-site request is happening. This 1377 // will trigger a call to OnBeforeUnloadACK with the reply. 1378 if (!is_transfer) 1379 render_frame_host_->DispatchBeforeUnload(true); 1380 1381 return pending_render_frame_host_.get(); 1382 } 1383 1384 // Otherwise the same SiteInstance can be used. Navigate render_frame_host_. 1385 DCHECK(!cross_navigation_pending_); 1386 if (ShouldReuseWebUI(current_entry, &entry)) { 1387 pending_web_ui_.reset(); 1388 pending_and_current_web_ui_ = web_ui_->AsWeakPtr(); 1389 } else { 1390 SetPendingWebUI(entry); 1391 1392 // Make sure the new RenderViewHost has the right bindings. 1393 if (pending_web_ui() && 1394 !render_frame_host_->GetProcess()->IsIsolatedGuest()) { 1395 render_frame_host_->render_view_host()->AllowBindings( 1396 pending_web_ui()->GetBindings()); 1397 } 1398 } 1399 1400 if (pending_web_ui() && 1401 render_frame_host_->render_view_host()->IsRenderViewLive()) { 1402 pending_web_ui()->GetController()->RenderViewReused( 1403 render_frame_host_->render_view_host()); 1404 } 1405 1406 // The renderer can exit view source mode when any error or cancellation 1407 // happen. We must overwrite to recover the mode. 1408 if (entry.IsViewSourceMode()) { 1409 render_frame_host_->render_view_host()->Send( 1410 new ViewMsg_EnableViewSourceMode( 1411 render_frame_host_->render_view_host()->GetRoutingID())); 1412 } 1413 1414 return render_frame_host_.get(); 1415} 1416 1417void RenderFrameHostManager::CancelPending() { 1418 scoped_ptr<RenderFrameHostImpl> pending_render_frame_host = 1419 pending_render_frame_host_.Pass(); 1420 1421 RenderViewDevToolsAgentHost::OnCancelPendingNavigation( 1422 pending_render_frame_host->render_view_host(), 1423 render_frame_host_->render_view_host()); 1424 1425 // We no longer need to prevent the process from exiting. 1426 pending_render_frame_host->GetProcess()->RemovePendingView(); 1427 1428 // If the SiteInstance for the pending RFH is being used by others, don't 1429 // delete the RFH, just swap it out and it can be reused at a later point. 1430 SiteInstanceImpl* site_instance = static_cast<SiteInstanceImpl*>( 1431 pending_render_frame_host->GetSiteInstance()); 1432 if (site_instance->active_view_count() > 1) { 1433 // Any currently suspended navigations are no longer needed. 1434 pending_render_frame_host->render_view_host()->CancelSuspendedNavigations(); 1435 1436 RenderFrameProxyHost* proxy = 1437 new RenderFrameProxyHost(site_instance, frame_tree_node_); 1438 proxy_hosts_[site_instance->GetId()] = proxy; 1439 pending_render_frame_host->SwapOut(proxy); 1440 proxy->TakeFrameHostOwnership(pending_render_frame_host.Pass()); 1441 } else { 1442 // We won't be coming back, so delete this one. 1443 pending_render_frame_host.reset(); 1444 } 1445 1446 pending_web_ui_.reset(); 1447 pending_and_current_web_ui_.reset(); 1448} 1449 1450scoped_ptr<RenderFrameHostImpl> RenderFrameHostManager::SetRenderFrameHost( 1451 scoped_ptr<RenderFrameHostImpl> render_frame_host) { 1452 // Swap the two. 1453 scoped_ptr<RenderFrameHostImpl> old_render_frame_host = 1454 render_frame_host_.Pass(); 1455 render_frame_host_ = render_frame_host.Pass(); 1456 1457 if (frame_tree_node_->IsMainFrame()) { 1458 // Update the count of top-level frames using this SiteInstance. All 1459 // subframes are in the same BrowsingInstance as the main frame, so we only 1460 // count top-level ones. This makes the value easier for consumers to 1461 // interpret. 1462 if (render_frame_host_) { 1463 static_cast<SiteInstanceImpl*>(render_frame_host_->GetSiteInstance())-> 1464 IncrementRelatedActiveContentsCount(); 1465 } 1466 if (old_render_frame_host) { 1467 static_cast<SiteInstanceImpl*>(old_render_frame_host->GetSiteInstance())-> 1468 DecrementRelatedActiveContentsCount(); 1469 } 1470 } 1471 1472 return old_render_frame_host.Pass(); 1473} 1474 1475bool RenderFrameHostManager::IsRVHOnSwappedOutList( 1476 RenderViewHostImpl* rvh) const { 1477 RenderFrameProxyHost* proxy = GetRenderFrameProxyHost( 1478 rvh->GetSiteInstance()); 1479 if (!proxy) 1480 return false; 1481 return IsOnSwappedOutList(proxy->render_frame_host()); 1482} 1483 1484bool RenderFrameHostManager::IsOnSwappedOutList( 1485 RenderFrameHostImpl* rfh) const { 1486 if (!rfh->GetSiteInstance()) 1487 return false; 1488 1489 RenderFrameProxyHostMap::const_iterator iter = proxy_hosts_.find( 1490 rfh->GetSiteInstance()->GetId()); 1491 if (iter == proxy_hosts_.end()) 1492 return false; 1493 1494 return iter->second->render_frame_host() == rfh; 1495} 1496 1497RenderViewHostImpl* RenderFrameHostManager::GetSwappedOutRenderViewHost( 1498 SiteInstance* instance) const { 1499 RenderFrameProxyHost* proxy = GetRenderFrameProxyHost(instance); 1500 if (proxy) 1501 return proxy->GetRenderViewHost(); 1502 return NULL; 1503} 1504 1505RenderFrameProxyHost* RenderFrameHostManager::GetRenderFrameProxyHost( 1506 SiteInstance* instance) const { 1507 RenderFrameProxyHostMap::const_iterator iter = 1508 proxy_hosts_.find(instance->GetId()); 1509 if (iter != proxy_hosts_.end()) 1510 return iter->second; 1511 1512 return NULL; 1513} 1514 1515} // namespace content 1516