mirror of
synced 2025-03-19 13:30:13 +01:00
The behavior has changed as follows with NetworkService enabled: - All pending and in-progress requests will now be aborted when the CEF context or associated browser is destroyed. The OnResourceLoadComplete callback will now also be called in this case for in-progress requests that have a handler. - The CefResourceHandler::Cancel method will now always be called when resource handling is complete, irrespective of whether handling completed successfully. - Request callbacks that arrive after the OnBeforeClose callback for the associated browser (which may happen for in-progress requests that are aborted on browser destruction) will now always have a non-nullptr CefBrowser parameter. - Allow empty parameters to CefRequest and CefResponse methods where it makes sense (e.g. resetting default response state, or clearing a referrer value). - Fixed a reference loop that was keeping CefResourceHandler objects from being destroyed if they were holding a callback reference (from ProcessRequest, ReadResponse, etc.) during CEF context or associated browser destruction. - Fixed an issue where the main frame was not detached on browser destruction which could cause a crash due to RFH use-after-free (see issue #2498). To test: All unit tests pass as expected.
370 lines
11 KiB
370 lines
11 KiB
// Copyright (c) 2012 The Chromium Embedded Framework Authors. All rights
// reserved. Use of this source code is governed by a BSD-style license that can
// be found in the LICENSE file.
#include "libcef/browser/browser_info.h"
#include "libcef/browser/browser_host_impl.h"
#include "libcef/browser/thread_util.h"
#include "libcef/common/values_impl.h"
#include "base/logging.h"
#include "content/browser/frame_host/frame_tree_node.h"
#include "content/browser/frame_host/render_frame_host_impl.h"
#include "content/public/browser/render_process_host.h"
#include "ipc/ipc_message.h"
CefBrowserInfo::FrameInfo::~FrameInfo() {
if (frame_ && !is_main_frame_) {
// Disassociate sub-frames from the browser.
CefBrowserInfo::CefBrowserInfo(int browser_id,
bool is_popup,
bool is_windowless,
CefRefPtr<CefDictionaryValue> extra_info)
: browser_id_(browser_id),
extra_info_(extra_info) {
DCHECK_GT(browser_id, 0);
CefBrowserInfo::~CefBrowserInfo() {}
CefRefPtr<CefBrowserHostImpl> CefBrowserInfo::browser() const {
base::AutoLock lock_scope(lock_);
return browser_;
void CefBrowserInfo::SetBrowser(CefRefPtr<CefBrowserHostImpl> browser) {
base::AutoLock lock_scope(lock_);
browser_ = browser;
if (!browser) {
void CefBrowserInfo::MaybeCreateFrame(content::RenderFrameHost* host,
bool is_guest_view) {
const auto frame_id = CefFrameHostImpl::MakeFrameId(host);
const int frame_tree_node_id = host->GetFrameTreeNodeId();
const bool is_main_frame = (host->GetParent() == nullptr);
// A speculative RFH will be created in response to a browser-initiated
// cross-origin navigation (e.g. via LoadURL) and eventually either discarded
// or swapped in based on whether the navigation is committed. We'll create a
// frame object for the speculative RFH so that it can be found by
// frame/routing ID. However, we won't replace the main frame with a
// speculative RFH until after it's swapped in, and we'll generally prefer to
// return a non-speculative RFH for the same node ID if one exists.
const bool is_speculative = (static_cast<content::RenderFrameHostImpl*>(host)
->current_frame_host() != host);
base::AutoLock lock_scope(lock_);
const auto it = frame_id_map_.find(frame_id);
if (it != frame_id_map_.end()) {
auto info = it->second;
// Check that the frame info hasn't changed unexpectedly.
DCHECK_EQ(info->frame_id_, frame_id);
DCHECK_EQ(info->frame_tree_node_id_, frame_tree_node_id);
DCHECK_EQ(info->is_guest_view_, is_guest_view);
DCHECK_EQ(info->is_main_frame_, is_main_frame);
if (!info->is_guest_view_ && info->is_speculative_ && !is_speculative) {
// Upgrade the frame info from speculative to non-speculative.
if (info->is_main_frame_) {
if (main_frame_) {
// Update the existing main frame object.
info->frame_ = main_frame_;
} else {
// Set the main frame object.
main_frame_ = info->frame_;
info->is_speculative_ = false;
auto frame_info = new FrameInfo;
frame_info->host_ = host;
frame_info->frame_id_ = frame_id;
frame_info->frame_tree_node_id_ = frame_tree_node_id;
frame_info->is_guest_view_ = is_guest_view;
frame_info->is_main_frame_ = is_main_frame;
frame_info->is_speculative_ = is_speculative;
// Guest views don't get their own CefBrowser or CefFrame objects.
if (!is_guest_view) {
if (is_main_frame && main_frame_ && !is_speculative) {
// Update the existing main frame object.
frame_info->frame_ = main_frame_;
} else {
// Create a new frame object.
frame_info->frame_ = new CefFrameHostImpl(this, host);
if (is_main_frame && !is_speculative) {
main_frame_ = frame_info->frame_;
// Check that the frame info hasn't changed unexpectedly.
DCHECK_EQ(frame_id, frame_info->frame_->GetIdentifier());
DCHECK_EQ(frame_info->is_main_frame_, frame_info->frame_->IsMain());
host->GetProcess()->GetID(), host->GetRoutingID(), frame_tree_node_id,
is_main_frame, is_guest_view);
// Populate the lookup maps.
frame_id_map_.insert(std::make_pair(frame_id, frame_info));
// And finally set the ownership.
void CefBrowserInfo::RemoveFrame(content::RenderFrameHost* host) {
base::AutoLock lock_scope(lock_);
const auto frame_id = CefFrameHostImpl::MakeFrameId(host);
auto it = frame_id_map_.find(frame_id);
DCHECK(it != frame_id_map_.end());
auto frame_info = it->second;
host->GetProcess()->GetID(), host->GetRoutingID(),
frame_info->frame_tree_node_id_, frame_info->is_main_frame_,
// Remove from the lookup maps.
// A new RFH with the same node ID may be added before the old RFH is deleted,
// or this might be a speculative RFH. Therefore only delete the map entry if
// it's currently pointing to the to-be-deleted frame info object.
if (frame_tree_node_id_map_.find(frame_info->frame_tree_node_id_)->second ==
frame_info) {
// And finally delete the frame info.
auto it2 = frame_info_set_.find(frame_info);
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetMainFrame() {
base::AutoLock lock_scope(lock_);
if (!main_frame_) {
// Create a temporary object that will eventually be updated with real
// routing information.
main_frame_ =
new CefFrameHostImpl(this, true, CefFrameHostImpl::kInvalidFrameId);
return main_frame_;
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::CreateTempSubFrame(
int64_t parent_frame_id) {
CefRefPtr<CefFrameHostImpl> parent = GetFrameForId(parent_frame_id);
if (!parent)
parent = GetMainFrame();
return new CefFrameHostImpl(this, false, parent->GetIdentifier());
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetFrameForHost(
const content::RenderFrameHost* host,
bool* is_guest_view) const {
if (is_guest_view)
*is_guest_view = false;
if (!host)
return nullptr;
return GetFrameForId(CefFrameHostImpl::MakeFrameId(host), is_guest_view);
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetFrameForRoute(
int32_t render_process_id,
int32_t render_routing_id,
bool* is_guest_view) const {
if (is_guest_view)
*is_guest_view = false;
if (render_process_id < 0 || render_routing_id < 0)
return nullptr;
return GetFrameForId(
CefFrameHostImpl::MakeFrameId(render_process_id, render_routing_id),
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetFrameForId(
int64_t frame_id,
bool* is_guest_view) const {
if (is_guest_view)
*is_guest_view = false;
if (frame_id < 0)
return nullptr;
base::AutoLock lock_scope(lock_);
const auto it = frame_id_map_.find(frame_id);
if (it != frame_id_map_.end()) {
const auto info = it->second;
if (info->is_guest_view_) {
if (is_guest_view)
*is_guest_view = true;
return nullptr;
if (info->is_speculative_) {
if (info->is_main_frame_ && main_frame_) {
// Always prefer the non-speculative main frame.
return main_frame_;
} else {
// Always prefer an existing non-speculative frame for the same node ID.
bool is_guest_view_tmp;
auto frame = GetFrameForFrameTreeNodeInternal(info->frame_tree_node_id_,
if (is_guest_view_tmp) {
if (is_guest_view)
*is_guest_view = true;
return nullptr;
if (frame)
return frame;
LOG(WARNING) << "Returning a speculative frame for frame id " << frame_id;
return info->frame_;
return nullptr;
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetFrameForFrameTreeNode(
int frame_tree_node_id,
bool* is_guest_view) const {
if (is_guest_view)
*is_guest_view = false;
if (frame_tree_node_id < 0)
return nullptr;
base::AutoLock lock_scope(lock_);
return GetFrameForFrameTreeNodeInternal(frame_tree_node_id, is_guest_view);
CefBrowserInfo::FrameHostList CefBrowserInfo::GetAllFrames() const {
base::AutoLock lock_scope(lock_);
FrameHostList frames;
for (const auto& info : frame_info_set_) {
if (info->frame_ && !info->is_speculative_)
return frames;
void CefBrowserInfo::MaybeUpdateFrameTreeNodeIdMap(FrameInfo* info) {
auto it = frame_tree_node_id_map_.find(info->frame_tree_node_id_);
const bool has_entry = (it != frame_tree_node_id_map_.end());
if (has_entry && it->second == info) {
// Already mapping to |info|.
// Don't replace an existing node ID entry with a speculative RFH, but do
// add an entry if one doesn't already exist.
if (!info->is_speculative_ || !has_entry) {
// A new RFH with the same node ID may be added before the old RFH is
// deleted. To avoid duplicate entries in the map remove the old entry, if
// any, before adding the new entry.
if (has_entry)
std::make_pair(info->frame_tree_node_id_, info));
CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetFrameForFrameTreeNodeInternal(
int frame_tree_node_id,
bool* is_guest_view) const {
if (is_guest_view)
*is_guest_view = false;
const auto it = frame_tree_node_id_map_.find(frame_tree_node_id);
if (it != frame_tree_node_id_map_.end()) {
const auto info = it->second;
LOG_IF(WARNING, info->is_speculative_)
<< "Returning a speculative frame for node id " << frame_tree_node_id;
if (info->is_guest_view_) {
if (is_guest_view)
*is_guest_view = true;
return nullptr;
return info->frame_;
return nullptr;
void CefBrowserInfo::RemoveAllFrames() {
// Clear the lookup maps.
// Explicitly Detach main frames.
for (auto& info : frame_info_set_) {
if (info->frame_ && info->is_main_frame_)
if (main_frame_) {
main_frame_ = nullptr;
// And finally delete the frame info.