Commit 2cfb83bb authored by Lingqi Chi, committed by Chromium LUCI CQ

Prerender: Inform all RFHIs in prerendering tree of the activation

Currently some RFHIs are not informed when we activate the renderer
documents, as their lifecycle states are kSpeculative or kPendingCommit.
A typical case can be like:
1. prerendering document creates an iframe.
2. the iframe navigates to a cross-origin URL.
3. since the URL is cross-origin, the browser creates a speculative
   RenderFrameHostImpl for it.
4. since the navigation is a cross-origin navigation,
   PrerenderSubframeNavigationThrottle defers the navigation. So it
   cannot be committed to the corresponding RFHI, and the RFHI's
   lifecycle state is not changed.
And when activating the page, we execute the following steps[1]:
5. first we inform RFHIs in the prerendering tree of the activation
   and RFHIs will lose Mojo capability control, because renderers may
   send some kCancel interfaces[2] to the browser once they know that they
   are activated.
6. then we inform renderer documents of the activation, and they will
   execute post-activation steps.
7. after the main frame of the prerendered page is activated,
   PrerenderSubframeNavigationThrottle resumes the paused navigations
   (cross-origin subframe navigations).
8. the cross-origin navigations are committed to renderer documents.
   (Please note that at this moment, the lifecycle states of
   corresponding RFHIs are kSpeculative.)
9. the cross-origin renderer documents may send some kCancel interfaces.

Given this workflow, kSpeculative RFHIs should be informed of the
activation as well. So this CL switches to using
ForEachRenderFrameHostIncludingSpeculative instead of
ForEachRenderFrameHost when informing RFHIs of the activation.

[1] https://docs.google.com/document/d/1_l1LDUALf8PbZIz5y_UYNGZmYCMKNpePDLBHn-gTsTM/edit#bookmark=id.apf3kkg7wtqq
[2] kCancel interfaces mean: interfaces whose binder policies are set to
kCancel. This kind of policy is used to allow browser process to cancel
prerendering when it receives a binding request and doesn't know how to
handle it correctly. (so it drops the prerender context and stops
prerendering)

Bug: 1268714
Change-Id: I8faf41fb327dede819cf5b0f65245cb82f962175
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3325333


Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Sreeja Kamishetty <sreejakshetty@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Commit-Queue: Lingqi Chi <lingqi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#958037}
parent bdbff5bf