| blob | 615bc712ec2f92ec5ca1d915be695234f8757b3e |
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include <utility>
45 // static
49 }
66 }
72 // We should always have a current RenderFrameHost except in some tests.
75 // Delete any swapped out RenderFrameHosts.
77 }
83 // Create a RenderViewHost and RenderFrameHost, once we have an instance. It
84 // is important to immediately give this SiteInstance to a RenderViewHost so
85 // that the SiteInstance is ref counted.
93 // Keep track of renderer processes as they start to shut down or are
94 // crashed/killed.
99 }
105 }
111 }
119 }
135 }
140 }
146 // If we have assigned (zero or more) bindings to this NavigationEntry in the
147 // past, make sure we're not granting it different bindings than it had
148 // before. If so, note it and don't give it any bindings, to avoid a
149 // potential privilege escalation.
154 }
156 }
162 // Create a pending RenderFrameHost to use for the navigation.
172 // If the current render_frame_host_ isn't live, we should create it so
173 // that we don't show a sad tab while the dest_render_frame_host fetches
174 // its first page. (Bug 1145340)
177 // Note: we don't call InitRenderView here because we are navigating away
178 // soon anyway, and we don't have the NavigationEntry for this host.
182 }
184 // If the renderer crashed, then try to create a new one to satisfy this
185 // navigation request.
187 // Instruct the destination render frame host to set up a Mojo connection
188 // with the new render frame if necessary. Note that this call needs to
189 // occur before initializing the RenderView; the flow of creating the
190 // RenderView can cause browser-side code to execute that expects the this
191 // RFH's ServiceRegistry to be initialized (e.g., if the site is a WebUI
192 // site that is handled via Mojo, then Mojo WebUI code in //chrome will
193 // add a service to this RFH's ServiceRegistry).
196 // Recreate the opener chain.
200 opener_route_id,
201 MSG_ROUTING_NONE,
205 // Now that we've created a new renderer, be sure to hide it if it isn't
206 // our primary one. Otherwise, we might crash if we try to call Show()
207 // on it later.
212 // Notify here as we won't be calling CommitPending (which does the
213 // notify).
216 }
217 }
219 // If entry includes the request ID of a request that is being transferred,
220 // the destination render frame will take ownership, so release ownership of
221 // the request.
226 }
229 }
234 // If we are cross-navigating, we should stop the pending renderers. This
235 // will lead to a DidFailProvisionalLoad, which will properly destroy them.
239 }
240 }
246 }
249 // If we're waiting for a close ACK, then the tab should close whether there's
250 // a navigation in progress or not. Unfortunately, we also need to check for
251 // cases that we arrive here with no navigation in progress, since there are
252 // some tab closure paths that don't set is_waiting_for_close_ack to true.
253 // TODO(creis): Clean this up in http://crbug.com/418266.
258 // We should always have a pending RFH when there's a cross-process navigation
259 // in progress. Sanity check this for http://crbug.com/276333.
262 // Unload handlers run in the background, so we should never get an
263 // unresponsiveness warning for them.
266 // If the tab becomes unresponsive during beforeunload while doing a
267 // cross-site navigation, proceed with the navigation. (This assumes that
268 // the pending RenderFrameHost is still responsive.)
270 // Haven't gotten around to starting the request, because we're still
271 // waiting for the beforeunload handler to finish. We'll pretend that it
272 // did finish, to let the navigation proceed. Note that there's a danger
273 // that the beforeunload handler will later finish and possibly return
274 // false (meaning the navigation should not proceed), but we'll ignore it
275 // in this case because it took too long.
279 }
280 }
282 }
289 // Ignore if we're not in a cross-site navigation.
294 // Ok to unload the current page, so proceed with the cross-site
295 // navigation. Note that if navigations are not currently suspended, it
296 // might be because the renderer was deemed unresponsive and this call was
297 // already made by ShouldCloseTabOnUnresponsiveRenderer. In that case, it
298 // is ok to do nothing here.
302 proceed_time);
303 }
305 // Current page says to cancel.
308 }
310 // Non-cross site transition means closing the entire tab.
316 // If we're about to close the tab and there's a pending RFH, cancel it.
317 // Otherwise, if the navigation in the pending RFH completes before the
318 // close in the current RFH, we'll lose the tab close.
322 }
324 // This is not a cross-site navigation, the tab is being closed.
326 }
327 }
328 }
338 // We should only get here for transfer navigations. Most cross-process
339 // navigations can just continue and wait to run the unload handler (by
340 // swapping out) when the new navigation commits.
343 // A transfer should only have come from our pending or current RFH.
344 // TODO(creis): We need to handle the case that the pending RFH has changed
345 // in the mean time, while this was being posted from the IO thread. We
346 // should probably cancel the request in that case.
350 // Store the transferring request so that we can release it if the transfer
351 // navigation matches.
354 // Sanity check that the params are for the correct frame and process.
355 // These should match the RenderFrameHost that made the request.
356 // If it started as a cross-process navigation via OpenURL, this is the
357 // pending one. If it wasn't cross-process until the transfer, this is the
358 // current one.
368 // Treat the last URL in the chain as the destination and the remainder as
369 // the redirect chain.
375 // We don't know whether the original request had |user_action| set to true.
376 // However, since we force the navigation to be in the current tab, it
377 // doesn't matter.
383 // The transferring request was only needed during the RequestTransferURL
384 // call, so it is safe to clear at this point.
386 }
394 }
406 }
410 }
418 // We should only hear this from our current renderer.
421 // Even when there is no pending RVH, there may be a pending Web UI.
425 }
428 // The pending cross-site navigation completed, so show the renderer.
433 // A navigation in the original page has taken place. Cancel the pending
434 // one. Only do it for user gesture originated navigations to prevent
435 // page doing any shenanigans to prevent user from navigating.
436 // See https://code.google.com/p/chromium/issues/detail?id=75195
439 }
441 // No one else should be sending us DidNavigate in this state.
443 }
444 }
448 // Notify all RenderFrameHosts but the one that notified us. This is necessary
449 // in case a process swap has occurred while the message was in flight.
456 }
464 }
465 }
469 // Remove any swapped out RVHs from this process, so that we don't try to
470 // swap them back in while the process is exiting. Start by finding them,
471 // since there could be more than one.
478 }
480 // Now delete them.
485 }
486 }
493 // Tell the renderer to suppress any further modal dialogs so that we can swap
494 // it out. This must be done before canceling any current dialog, in case
495 // there is a loop creating additional dialogs.
496 // TODO(creis): Handle modal dialogs in subframe processes.
499 // Now close any modal dialogs that would prevent us from swapping out. This
500 // must be done separately from SwapOut, so that the PageGroupLoadDeferrer is
501 // no longer on the stack when we send the SwapOut message.
504 // If the old RFH is not live, just return as there is no further work to do.
505 // It will be deleted and there will be no proxy created.
506 int32 old_site_instance_id =
511 }
513 // If there are no active frames besides this one, we can delete the old
514 // RenderFrameHost once it runs its unload handler, without replacing it with
515 // a proxy.
519 // Tell the old RenderFrameHost to swap out, with no proxy to replace it.
523 // Also clear out any proxies from this SiteInstance, in case this was the
524 // last one keeping other proxies alive.
528 }
530 // Otherwise there are active views and we need a proxy for the old RFH.
531 // (There should not be one yet.)
538 // Tell the old RenderFrameHost to swap out and be replaced by the proxy.
544 // In --site-per-process, subframes delete their RFH rather than storing it
545 // in the proxy. Schedule it for deletion once the SwapOutACK comes in.
546 // TODO(creis): This will be the default when we remove swappedout://.
549 // We shouldn't get here for subframes, since we only swap subframes when
550 // --site-per-process is used.
553 // The old RenderFrameHost will stay alive inside the proxy so that existing
554 // JavaScript window references to it stay valid.
556 }
557 }
561 // TODO(carlosk): this code is very similar to what can be found in
562 // SwapOutOldFrame and we should see that these are unified at some point.
564 // If the SiteInstance for the pending RFH is being used by others don't
565 // delete the RFH. Just swap it out and it can be reused at a later point.
568 // Any currently suspended navigations are no longer needed.
578 // We won't be coming back, so delete this one.
580 }
581 }
585 // |render_frame_host| will be deleted when its SwapOut ACK is received, or
586 // when the timer times out, or when the RFHM itself is deleted (whichever
587 // comes first).
590 }
597 }
599 }
605 iter++) {
609 }
610 }
612 }
616 }
618 // PlzNavigate
624 // TODO(clamy): When we handle renderer initiated navigations, make sure not
625 // to use a different process for subframes if --site-per-process is not
626 // enabled.
628 // Pick the right RenderFrameHost to commit the navigation.
629 // TODO(clamy): Replace the default values by the right ones.
634 // If the renderer that needs to navigate is not live (it was just created or
635 // it crashed), initialize it.
637 // Recreate the opener chain.
641 opener_route_id,
642 MSG_ROUTING_NONE,
645 }
646 }
648 }
663 }
664 }
666 // static
668 int32 site_instance_id,
674 // Delete the proxy. If it is for a main frame (and thus the RFH is stored
675 // in the proxy) and it was still pending swap out, move the RFH to the
676 // pending deletion list first.
683 }
686 }
689 }
692 // False in the single-process mode, as it makes RVHs to accumulate
693 // in swapped_out_hosts_.
694 // True if we are using process-per-site-instance (default) or
695 // process-per-site (kProcessPerSite).
696 return
699 }
707 // If new_entry already has a SiteInstance, assume it is correct. We only
708 // need to force a swap if it is in a different BrowsingInstance.
712 }
714 // Check for reasons to swap processes even if we are in a process model that
715 // doesn't usually swap (e.g., process-per-tab). Any time we return true,
716 // the new_entry will be rendered in a new SiteInstance AND BrowsingInstance.
720 // Don't force a new BrowsingInstance for debug URLs that are handled in the
721 // renderer process, like javascript: or chrome://crash.
725 // For security, we should transition between processes when one is a Web UI
726 // page and one isn't.
731 // If so, force a swap if destination is not an acceptable URL for Web UI.
732 // Here, data URLs are never allowed.
736 }
738 // Force a swap if it's a Web UI URL.
742 }
743 }
745 // Check with the content client as well. Important to pass
746 // current_effective_url here, which uses the SiteInstance's site if there is
747 // no current_entry.
752 }
754 // We can't switch a RenderView between view source and non-view source mode
755 // without screwing up the session history sometimes (when navigating between
756 // "view-source:http://foo.com/" and "http://foo.com/", Blink doesn't treat
757 // it as a new navigation). So require a BrowsingInstance switch.
762 }
774 }
786 // We do not currently swap processes for navigations in webview tag guests.
790 // Determine if we need a new BrowsingInstance for this entry. If true, this
791 // implies that it will get a new SiteInstance (and likely process), and that
792 // other tabs in the current BrowsingInstance will be unable to script it.
793 // This is used for cases that require a process swap even in the
794 // process-per-tab model, such as WebUI pages.
795 // TODO(clamy): Remove the dependency on the current entry.
807 current_effective_url,
808 current_is_view_source_mode,
809 dest_instance,
811 dest_is_view_source_mode);
816 }
818 // If force_swap is true, we must use a different SiteInstance. If we didn't,
819 // we would have two RenderFrameHosts in the same SiteInstance and the same
820 // frame, resulting in page_id conflicts for their NavigationEntries.
824 }
839 // If the entry has an instance already we should use it.
841 // If we are forcing a swap, this should be in a different BrowsingInstance.
845 }
847 }
849 // If a swap is required, we need to force the SiteInstance AND
850 // BrowsingInstance to be different ones, using CreateForURL.
854 // (UGLY) HEURISTIC, process-per-site only:
855 //
856 // If this navigation is generated, then it probably corresponds to a search
857 // query. Given that search results typically lead to users navigating to
858 // other sites, we don't really want to use the search engine hostname to
859 // determine the site instance for this navigation.
860 //
861 // NOTE: This can be removed once we have a way to transition between
862 // RenderViews in response to a link click.
863 //
868 }
873 // If we haven't used our SiteInstance (and thus RVH) yet, then we can use it
874 // for this entry. We won't commit the SiteInstance to this site until the
875 // navigation commits (in DidNavigate), unless the navigation entry was
876 // restored or it's a Web UI as described below.
878 // If we've already created a SiteInstance for our destination, we don't
879 // want to use this unused SiteInstance; use the existing one. (We don't
880 // do this check if the current_instance has a site, because for now, we
881 // want to compare against the current URL and not the SiteInstance's site.
882 // In this case, there is no current URL, so comparing against the site is
883 // ok. See additional comments below.)
884 //
885 // Also, if the URL should use process-per-site mode and there is an
886 // existing process for the site, we should use it. We can call
887 // GetRelatedSiteInstance() for this, which will eagerly set the site and
888 // thus use the correct process.
893 use_process_per_site) {
895 }
897 // For extensions, Web UI URLs (such as the new tab page), and apps we do
898 // not want to use the current_instance if it has no site, since it will
899 // have a RenderProcessHost of PRIV_NORMAL. Create a new SiteInstance for
900 // this URL instead (with the correct process type).
904 // View-source URLs must use a new SiteInstance and BrowsingInstance.
905 // TODO(nasko): This is the same condition as later in the function. This
906 // should be taken into account when refactoring this method as part of
907 // http://crbug.com/123007.
911 // If we are navigating from a blank SiteInstance to a WebUI, make sure we
912 // create a new SiteInstance.
916 }
918 // Normally the "site" on the SiteInstance is set lazily when the load
919 // actually commits. This is to support better process sharing in case
920 // the site redirects to some other site: we want to use the destination
921 // site in the site instance.
922 //
923 // In the case of session restore, as it loads all the pages immediately
924 // we need to set the site first, otherwise after a restore none of the
925 // pages would share renderers in process-per-site.
926 //
927 // The embedder can request some urls never to be assigned to SiteInstance
928 // through the ShouldAssignSiteForURL() content client method, so that
929 // renderers created for particular chrome urls (e.g. the chrome-native://
930 // scheme) can be reused for subsequent navigations in the same WebContents.
931 // See http://crbug.com/386542.
935 }
938 }
940 // Otherwise, only create a new SiteInstance for a cross-site navigation.
942 // TODO(creis): Once we intercept links and script-based navigations, we
943 // will be able to enforce that all entries in a SiteInstance actually have
944 // the same site, and it will be safe to compare the URL against the
945 // SiteInstance's site, as follows:
946 // const GURL& current_url = current_instance->site();
947 // For now, though, we're in a hybrid model where you only switch
948 // SiteInstances if you type in a cross-site URL. This means we have to
949 // compare the entry's URL to the last committed entry's URL.
952 // The interstitial is currently the last committed entry, but we want to
953 // compare against the last non-interstitial entry.
955 }
957 // View-source URLs must use a new SiteInstance and BrowsingInstance.
958 // We don't need a swap when going from view-source to a debug URL like
959 // chrome://crash, however.
960 // TODO(creis): Refactor this method so this duplicated code isn't needed.
961 // See http://crbug.com/123007.
966 }
968 // Use the source SiteInstance in case of data URLs or about:blank pages,
969 // because the content is then controlled and/or scriptable by the source
970 // SiteInstance.
976 // Use the current SiteInstance for same site navigations, as long as the
977 // process type is correct. (The URL may have been installed as an app since
978 // the last time we visited it.)
984 }
986 // Start the new renderer in a new SiteInstance, but in the current
987 // BrowsingInstance. It is important to immediately give this new
988 // SiteInstance to a RenderViewHost (if it is different than our current
989 // SiteInstance), so that it is ref counted. This will happen in
990 // CreateRenderView.
992 }
996 // If this is a subframe that is potentially out of process from its parent,
997 // don't consider using current_entry's url for SiteInstance selection, since
998 // current_entry's url is for the main frame and may be in a different site
999 // than this frame.
1000 // TODO(creis): Remove this when we can check the FrameNavigationEntry's url.
1001 // See http://crbug.com/369654
1006 // If there is no last non-interstitial entry (and current_instance already
1007 // has a site), then we must have been opened from another tab. We want
1008 // to compare against the URL of the page that opened us, but we can't
1009 // get to it directly. The best we can do is check against the site of
1010 // the SiteInstance. This will be correct when we intercept links and
1011 // script-based navigations, but for now, it could place some pages in a
1012 // new process unnecessarily. We should only hit this case if a page tries
1013 // to open a new tab to an interstitial-inducing URL, and then navigates
1014 // the page to a different same-site URL. (This seems very unlikely in
1015 // practice.)
1019 }
1038 // Create a non-swapped-out RFH with the given opener.
1039 pending_render_frame_host_ =
1042 }
1049 opener_route_id =
1053 // Ensure that the frame tree has RenderFrameProxyHosts for the new
1054 // SiteInstance in all nodes except the current one.
1057 }
1058 }
1060 }
1073 // Create a RVH for main frames, or find the existing one for subframes.
1083 }
1085 // TODO(creis): Pass hidden to RFH.
1091 }
1101 // Swapped out views should always be hidden.
1104 // TODO(nasko): Remove the following CHECK once cross-site navigation no
1105 // longer relies on swapped out RFH for the top-level frame.
1108 }
1115 // We are creating a pending or swapped out RFH here. We should never create
1116 // it in the same SiteInstance as our current RFH.
1119 // Check if we've already created an RFH for this SiteInstance. If so, try
1120 // to re-use the existing one, which has already been initialized. We'll
1121 // remove it from the list of proxy hosts below if it will be active.
1126 // Delete the existing RenderFrameProxyHost, but reuse the RenderFrameHost.
1127 // Prevent the process from exiting while we're trying to use it.
1135 // When a new render view is created by the renderer, the new WebContents
1136 // gets a RenderViewHost in the SiteInstance of its opener WebContents.
1137 // If not used in the first navigation, this RVH is swapped out and is not
1138 // granted bindings, so we may need to grant them when swapping it in.
1144 required_bindings) {
1146 }
1147 }
1148 }
1150 // Create a new RenderFrameHost if we don't find an existing one.
1157 // Prevent the process from exiting while we're trying to navigate in it.
1158 // Otherwise, if the new RFH is swapped out already, store it.
1168 }
1170 success =
1175 // Don't show the main frame's view until we get a DidNavigate from it.
1178 // Init the RFH, so a RenderFrame is created in the renderer.
1181 }
1185 // If a brand new RFH was created, announce it to observers.
1189 }
1190 }
1191 }
1192 }
1194 // Returns the new RFH if it isn't swapped out.
1198 }
1200 }
1203 // A RenderFrameProxyHost should never be created in the same SiteInstance as
1204 // the current RFH.
1216 }
1223 // We may have initialized this RenderViewHost for another RenderFrameHost.
1227 // If the pending navigation is to a WebUI and the RenderView is not in a
1228 // guest process, tell the RenderViewHost about any bindings it will need
1229 // enabled.
1233 // Ensure that we don't create an unprivileged RenderView in a WebUI-enabled
1234 // process unless it's swapped out.
1238 }
1239 }
1242 opener_route_id,
1243 proxy_routing_id,
1244 for_main_frame_navigation);
1245 }
1258 }
1259 // Check whether there is an existing proxy for this frame in this
1260 // SiteInstance. If there is, the new RenderFrame needs to be able to find
1261 // the proxy it is replacing, so that it can fully initialize itself.
1262 // NOTE: This is the only time that a RenderFrameProxyHost can be in the same
1263 // SiteInstance as its RenderFrameHost. This is only the case until the
1264 // RenderFrameHost commits, at which point it will replace and delete the
1265 // RenderFrameProxyHost.
1271 }
1273 parent_routing_id,
1274 proxy_routing_id);
1275 }
1288 }
1293 // First check whether we're going to want to focus the location bar after
1294 // this commit. We do this now because the navigation hasn't formally
1295 // committed yet, so if we've already cleared |pending_web_ui_| the call chain
1296 // this triggers won't be able to figure out what's going on.
1299 // Next commit the Web UI, if any. Either replace |web_ui_| with
1300 // |pending_web_ui_|, or clear |web_ui_| if there is no pending WebUI, or
1301 // leave |web_ui_| as is if reusing it.
1310 }
1312 // It's possible for the pending_render_frame_host_ to be NULL when we aren't
1313 // crossing process boundaries. If so, we just needed to handle the Web UI
1314 // committing above and we're done.
1319 }
1321 // Remember if the page was focused so we can focus the new renderer in
1322 // that case.
1329 // Swap in the pending frame and make it active. Also ensure the FrameTree
1330 // stays in sync.
1336 // The process will no longer try to exit, so we can decrement the count.
1339 // Show the new view (or a sad tab) if necessary.
1342 // In most cases, we need to show the new view.
1344 }
1346 // If the view is gone, then this RenderViewHost died while it was hidden.
1347 // We ignored the RenderProcessGone call at the time, so we should send it
1348 // now to make sure the sad tab shows up, etc.
1353 }
1355 // For top-level frames, also hide the old RenderViewHost's view.
1356 // TODO(creis): As long as show/hide are on RVH, we don't want to hide on
1357 // subframe navigations or we will interfere with the top-level frame.
1361 // Make sure the size is up to date. (Fix for bug 1079768.)
1369 }
1371 // Notify that we've swapped RenderFrameHosts. We do this before shutting down
1372 // the RFH so that we can clean up RendererResources related to the RFH first.
1376 // Swap out the old frame now that the new one is visible.
1377 // This will swap it out and then put it on the proxy list (if there are other
1378 // active views in its SiteInstance) or schedule it for deletion when the swap
1379 // out ack arrives (or immediately if the process isn't live).
1380 // In the --site-per-process case, old subframe RHFs are not kept alive inside
1381 // the proxy.
1386 // If this is a subframe, it should have a CrossProcessFrameConnector
1387 // created already. Use it to link the new RFH's view to the proxy that
1388 // belongs to the parent frame's SiteInstance.
1389 // Note: We do this after swapping out the old RFH because that may create
1390 // the proxy we're looking for.
1395 }
1397 // Since the new RenderFrameHost is now committed, there must be no proxies
1398 // for its SiteInstance. Delete any existing ones.
1404 }
1405 }
1407 // After all is done, there must never be a proxy in the list which has the
1408 // same SiteInstance as the current RenderFrameHost.
1411 }
1414 int32 site_instance_id) {
1415 // First remove any swapped out RFH for this SiteInstance from our own list.
1418 // Use the safe RenderWidgetHost iterator for now to find all RenderViewHosts
1419 // in the SiteInstance, then tell their respective FrameTrees to remove all
1420 // RenderFrameProxyHosts corresponding to them.
1421 // TODO(creis): Replace this with a RenderFrameHostIterator that protects
1422 // against use-after-frees if a later element is deleted before getting to it.
1431 // This deletes all RenderFrameHosts using the |rvh|, which then causes
1432 // |rvh| to Shutdown.
1436 site_instance_id));
1437 }
1438 }
1439 }
1450 // If we are currently navigating cross-process, we want to get back to normal
1451 // and then navigate as usual.
1456 }
1470 TRACE_EVENT_SCOPE_THREAD,
1474 // New SiteInstance: create a pending RFH to navigate.
1477 // This will possibly create (set to NULL) a Web UI object for the pending
1478 // page. We'll use this later to give the page special access. This must
1479 // happen before the new renderer is created below so it will get bindings.
1480 // It must also happen after the above conditional call to CancelPending(),
1481 // otherwise CancelPending may clear the pending_web_ui_ and the page will
1482 // not have its bindings set appropriately.
1488 }
1490 // Check if our current RFH is live before we set up a transition.
1493 // The current RFH is not live. There's no reason to sit around with a
1494 // sad tab or a newly created RFH while we wait for the pending RFH to
1495 // navigate. Just switch to the pending RFH now and go back to non
1496 // cross-navigating (Note that we don't care about on{before}unload
1497 // handlers if the current RFH isn't live.)
1503 }
1504 }
1505 // Otherwise, it's safe to treat this as a pending cross-site transition.
1507 // We now have a pending RFH.
1511 // PlzNavigate: There is no notion of transfer navigations, and the old
1512 // renderer before unload handler has already run at that point, so return
1513 // here.
1517 }
1519 // We need to wait until the beforeunload handler has run, unless we are
1520 // transferring an existing request (in which case it has already run).
1521 // Suspend the new render view (i.e., don't let it send the cross-site
1522 // Navigate message) until we hear back from the old renderer's
1523 // beforeunload handler. If the handler returns false, we'll have to
1524 // cancel the request.
1525 //
1529 // We don't need to stop the old renderer or run beforeunload/unload
1530 // handlers, because those have already been done.
1532 transferred_request_id);
1534 // Also make sure the old render view stops, in case a load is in
1535 // progress. (We don't want to do this for transfers, since it will
1536 // interrupt the transfer with an unexpected DidStopLoading.)
1541 // Unless we are transferring an existing request, we should now tell the
1542 // old render view to run its beforeunload handler, since it doesn't
1543 // otherwise know that the cross-site request is happening. This will
1544 // trigger a call to OnBeforeUnloadACK with the reply.
1546 }
1549 }
1551 // Otherwise the same SiteInstance can be used. Navigate render_frame_host_.
1554 // It's possible to swap out the current RFH and then decide to navigate in it
1555 // anyway (e.g., a cross-process navigation that redirects back to the
1556 // original site). In that case, we have a proxy for the current RFH but
1557 // haven't deleted it yet. The new navigation will swap it back in, so we can
1558 // delete the proxy.
1566 // Make sure the new RenderViewHost has the right bindings.
1571 }
1572 }
1577 }
1579 // The renderer can exit view source mode when any error or cancellation
1580 // happen. We must overwrite to recover the mode.
1585 }
1588 }
1594 }
1605 // We no longer need to prevent the process from exiting.
1612 }
1616 // Swap the two.
1622 // Update the count of top-level frames using this SiteInstance. All
1623 // subframes are in the same BrowsingInstance as the main frame, so we only
1624 // count top-level ones. This makes the value easier for consumers to
1625 // interpret.
1629 }
1633 }
1634 }
1637 }
1645 // If there is a proxy without RFH, it is for a subframe in the SiteInstance
1646 // of |rvh|. Subframes should be ignored in this case.
1650 }
1663 }
1671 }
1681 }
1689 }
1690 }