blob: 624c724f3b32baca0f4e609d52ec9764d8cd0e68 [file] [log] [blame]
danakjc492bf82020-09-09 20:02:441// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_BROWSER_RENDERER_HOST_FRAME_TREE_NODE_H_
6#define CONTENT_BROWSER_RENDERER_HOST_FRAME_TREE_NODE_H_
7
8#include <stddef.h>
9
10#include <memory>
11#include <string>
12#include <vector>
13
14#include "base/gtest_prod_util.h"
15#include "base/macros.h"
16#include "base/memory/ref_counted.h"
17#include "content/browser/renderer_host/frame_tree.h"
18#include "content/browser/renderer_host/frame_tree_node_blame_context.h"
19#include "content/browser/renderer_host/navigator.h"
20#include "content/browser/renderer_host/render_frame_host_impl.h"
21#include "content/browser/renderer_host/render_frame_host_manager.h"
22#include "content/common/content_export.h"
23#include "content/common/frame_replication_state.h"
24#include "services/network/public/mojom/content_security_policy.mojom-forward.h"
25#include "third_party/blink/public/common/frame/frame_policy.h"
26#include "third_party/blink/public/common/frame/user_activation_state.h"
27#include "third_party/blink/public/mojom/frame/frame_owner_element_type.mojom.h"
28#include "third_party/blink/public/mojom/frame/frame_owner_properties.mojom.h"
29#include "third_party/blink/public/mojom/frame/user_activation_update_types.mojom.h"
30#include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-forward.h"
31
32#include "url/gurl.h"
33#include "url/origin.h"
34
35namespace content {
36
37class NavigationRequest;
38class RenderFrameHostImpl;
39class NavigationEntryImpl;
40
41// When a page contains iframes, its renderer process maintains a tree structure
42// of those frames. We are mirroring this tree in the browser process. This
43// class represents a node in this tree and is a wrapper for all objects that
44// are frame-specific (as opposed to page-specific).
45//
46// Each FrameTreeNode has a current RenderFrameHost, which can change over
47// time as the frame is navigated. Any immediate subframes of the current
48// document are tracked using FrameTreeNodes owned by the current
49// RenderFrameHost, rather than as children of FrameTreeNode itself. This
50// allows subframe FrameTreeNodes to stay alive while a RenderFrameHost is
51// still alive - for example while pending deletion, after a new current
52// RenderFrameHost has replaced it.
53class CONTENT_EXPORT FrameTreeNode {
54 public:
55 class Observer {
56 public:
57 // Invoked when a FrameTreeNode is being destroyed.
58 virtual void OnFrameTreeNodeDestroyed(FrameTreeNode* node) {}
59
60 // Invoked when a FrameTreeNode becomes focused.
61 virtual void OnFrameTreeNodeFocused(FrameTreeNode* node) {}
62
63 virtual ~Observer() {}
64 };
65
66 static const int kFrameTreeNodeInvalidId;
67
68 // Returns the FrameTreeNode with the given global |frame_tree_node_id|,
69 // regardless of which FrameTree it is in.
70 static FrameTreeNode* GloballyFindByID(int frame_tree_node_id);
71
72 // Returns the FrameTreeNode for the given |rfh|. Same as
73 // rfh->frame_tree_node(), but also supports nullptrs.
74 static FrameTreeNode* From(RenderFrameHost* rfh);
75
76 // Callers are are expected to initialize sandbox flags separately after
77 // calling the constructor.
78 FrameTreeNode(
79 FrameTree* frame_tree,
80 RenderFrameHostImpl* parent,
81 blink::mojom::TreeScopeType scope,
82 const std::string& name,
83 const std::string& unique_name,
84 bool is_created_by_script,
85 const base::UnguessableToken& devtools_frame_token,
86 const blink::mojom::FrameOwnerProperties& frame_owner_properties,
87 blink::mojom::FrameOwnerElementType owner_type);
88
89 ~FrameTreeNode();
90
91 void AddObserver(Observer* observer);
92 void RemoveObserver(Observer* observer);
93
94 bool IsMainFrame() const;
95
Alexander Timin45b716c2020-11-06 01:40:3196 struct ResetForNavigationResult {
97 bool changed_frame_policy = false;
98 };
99
danakjc492bf82020-09-09 20:02:44100 // Clears any state in this node which was set by the document itself (CSP
101 // Headers, Feature Policy Headers, and CSP-set sandbox flags), and notifies
102 // proxies as appropriate. Invoked after committing navigation to a new
103 // document (since the new document comes with a fresh set of CSP and
104 // Feature-Policy HTTP headers).
Alexander Timin45b716c2020-11-06 01:40:31105 // Returns the details of the reset result — whether any important state (e.g.
106 // frame policy headers) was lost during the update.
107 ResetForNavigationResult ResetForNavigation(
108 bool was_served_from_back_forward_cache);
danakjc492bf82020-09-09 20:02:44109
110 FrameTree* frame_tree() const { return frame_tree_; }
111 Navigator& navigator() { return frame_tree()->navigator(); }
112
113 RenderFrameHostManager* render_manager() { return &render_manager_; }
114 int frame_tree_node_id() const { return frame_tree_node_id_; }
115 const std::string& frame_name() const { return replication_state_.name; }
116
117 const std::string& unique_name() const {
118 return replication_state_.unique_name;
119 }
120
121 // See comment on the member declaration.
122 const base::UnguessableToken& devtools_frame_token() const {
123 return devtools_frame_token_;
124 }
125
126 size_t child_count() const { return current_frame_host()->child_count(); }
127
128 unsigned int depth() const { return depth_; }
129
130 RenderFrameHostImpl* parent() const { return parent_; }
131
132 FrameTreeNode* opener() const { return opener_; }
133
134 FrameTreeNode* original_opener() const { return original_opener_; }
135
Wolfgang Beyerd8809db2020-09-30 15:29:39136 const base::Optional<base::UnguessableToken>& opener_devtools_frame_token() {
137 return opener_devtools_frame_token_;
138 }
139
danakjc492bf82020-09-09 20:02:44140 // Gets the total number of descendants to this FrameTreeNode in addition to
141 // this node.
142 size_t GetFrameTreeSize() const;
143
144 // Assigns a new opener for this node and, if |opener| is non-null, registers
145 // an observer that will clear this node's opener if |opener| is ever
146 // destroyed.
147 void SetOpener(FrameTreeNode* opener);
148
149 // Assigns the initial opener for this node, and if |opener| is non-null,
150 // registers an observer that will clear this node's opener if |opener| is
151 // ever destroyed. The value set here is the root of the tree.
152 //
153 // It is not possible to change the opener once it was set.
154 void SetOriginalOpener(FrameTreeNode* opener);
155
Wolfgang Beyerd8809db2020-09-30 15:29:39156 // Assigns an opener frame id for this node. This string id is only set once
157 // and cannot be changed. It persists, even if the |opener| is destroyed. It
158 // is used for attribution in the DevTools frontend.
159 void SetOpenerDevtoolsFrameToken(
160 base::UnguessableToken opener_devtools_frame_token);
161
danakjc492bf82020-09-09 20:02:44162 FrameTreeNode* child_at(size_t index) const {
163 return current_frame_host()->child_at(index);
164 }
165
166 // Returns the URL of the last committed page in the current frame.
167 const GURL& current_url() const {
168 return current_frame_host()->GetLastCommittedURL();
169 }
170
171 // Sets the last committed URL for this frame and updates
172 // has_committed_real_load accordingly.
173 void SetCurrentURL(const GURL& url);
174
175 // Returns true iff SetCurrentURL has been called with a non-blank URL.
176 bool has_committed_real_load() const { return has_committed_real_load_; }
177
178 // Returns whether the frame's owner element in the parent document is
179 // collapsed, that is, removed from the layout as if it did not exist, as per
180 // request by the embedder (of the content/ layer).
181 bool is_collapsed() const { return is_collapsed_; }
182
183 // Sets whether to collapse the frame's owner element in the parent document,
184 // that is, to remove it from the layout as if it did not exist, as per
185 // request by the embedder (of the content/ layer). Cannot be called for main
186 // frames.
187 //
188 // This only has an effect for <iframe> owner elements, and is a no-op when
189 // called on sub-frames hosted in <frame>, <object>, and <embed> elements.
190 void SetCollapsed(bool collapsed);
191
192 // Returns the origin of the last committed page in this frame.
193 // WARNING: To get the last committed origin for a particular
194 // RenderFrameHost, use RenderFrameHost::GetLastCommittedOrigin() instead,
195 // which will behave correctly even when the RenderFrameHost is not the
196 // current one for this frame (such as when it's pending deletion).
197 const url::Origin& current_origin() const {
198 return replication_state_.origin;
199 }
200
201 // Set the current origin and notify proxies about the update.
202 void SetCurrentOrigin(const url::Origin& origin,
203 bool is_potentially_trustworthy_unique_origin);
204
205 // Set the current name and notify proxies about the update.
206 void SetFrameName(const std::string& name, const std::string& unique_name);
207
208 // Add CSP headers to replication state, notify proxies about the update.
209 void AddContentSecurityPolicies(
210 std::vector<network::mojom::ContentSecurityPolicyHeaderPtr> headers);
211
212 // Sets the current insecure request policy, and notifies proxies about the
213 // update.
214 void SetInsecureRequestPolicy(blink::mojom::InsecureRequestPolicy policy);
215
216 // Sets the current set of insecure urls to upgrade, and notifies proxies
217 // about the update.
218 void SetInsecureNavigationsSet(
219 const std::vector<uint32_t>& insecure_navigations_set);
220
221 // Returns the latest frame policy (sandbox flags and container policy) for
222 // this frame. This includes flags inherited from parent frames and the latest
223 // flags from the <iframe> element hosting this frame. The returned policies
224 // may not yet have taken effect, since "sandbox" and "allow" attribute
225 // updates in an <iframe> element take effect on next navigation. To retrieve
226 // the currently active policy for this frame, use effective_frame_policy().
227 const blink::FramePolicy& pending_frame_policy() const {
228 return pending_frame_policy_;
229 }
230
231 // Update this frame's sandbox flags and container policy. This is called
232 // when a parent frame updates the "sandbox" attribute in the <iframe> element
233 // for this frame, or any of the attributes which affect the container policy
234 // ("allowfullscreen", "allowpaymentrequest", "allow", and "src".)
235 // These policies won't take effect until next navigation. If this frame's
236 // parent is itself sandboxed, the parent's sandbox flags are combined with
237 // those in |frame_policy|.
238 // Attempting to change the container policy on the main frame will have no
239 // effect.
240 void SetPendingFramePolicy(blink::FramePolicy frame_policy);
241
242 // Returns the currently active frame policy for this frame, including the
243 // sandbox flags which were present at the time the document was loaded, and
244 // the feature policy container policy, which is set by the iframe's
245 // allowfullscreen, allowpaymentrequest, and allow attributes, along with the
246 // origin of the iframe's src attribute (which may be different from the URL
247 // of the document currently loaded into the frame). This does not include
248 // policy changes that have been made by updating the containing iframe
249 // element attributes since the frame was last navigated; use
250 // pending_frame_policy() for those.
251 const blink::FramePolicy& effective_frame_policy() const {
252 return replication_state_.frame_policy;
253 }
254
255 // Set the frame_policy provided in function parameter as active frame policy,
256 // while leaving pending_frame_policy_ untouched.
257 bool CommitFramePolicy(const blink::FramePolicy& frame_policy);
258
259 const blink::mojom::FrameOwnerProperties& frame_owner_properties() {
260 return frame_owner_properties_;
261 }
262
263 void set_frame_owner_properties(
264 const blink::mojom::FrameOwnerProperties& frame_owner_properties) {
265 frame_owner_properties_ = frame_owner_properties;
266 }
267
268 const network::mojom::ContentSecurityPolicy* csp_attribute() {
269 return csp_attribute_.get();
270 }
271
272 void set_csp_attribute(
273 network::mojom::ContentSecurityPolicyPtr parsed_csp_attribute) {
274 csp_attribute_ = std::move(parsed_csp_attribute);
275 }
276
277 bool HasSameOrigin(const FrameTreeNode& node) const {
278 return replication_state_.origin.IsSameOriginWith(
279 node.replication_state_.origin);
280 }
281
282 const FrameReplicationState& current_replication_state() const {
283 return replication_state_;
284 }
285
286 RenderFrameHostImpl* current_frame_host() const {
287 return render_manager_.current_frame_host();
288 }
289
290 // Return the node immediately preceding this node in its parent's children,
291 // or nullptr if there is no such node.
292 FrameTreeNode* PreviousSibling() const;
293
294 // Return the node immediately following this node in its parent's children,
295 // or nullptr if there is no such node.
296 FrameTreeNode* NextSibling() const;
297
298 // Returns true if this node is in a loading state.
299 bool IsLoading() const;
300
Alex Moshchuk9b0fd822020-10-26 23:08:15301 // Returns true if this node has a cross-document navigation in progress.
302 bool HasPendingCrossDocumentNavigation() const;
303
danakjc492bf82020-09-09 20:02:44304 NavigationRequest* navigation_request() { return navigation_request_.get(); }
305
306 // Transfers the ownership of the NavigationRequest to |render_frame_host|.
307 // From ReadyToCommit to DidCommit, the NavigationRequest is owned by the
308 // RenderFrameHost that is committing the navigation.
309 void TransferNavigationRequestOwnership(
310 RenderFrameHostImpl* render_frame_host);
311
312 // Takes ownership of |navigation_request| and makes it the current
313 // NavigationRequest of this frame. This corresponds to the start of a new
314 // navigation. If there was an ongoing navigation request before calling this
315 // function, it is canceled. |navigation_request| should not be null.
316 void CreatedNavigationRequest(
317 std::unique_ptr<NavigationRequest> navigation_request);
318
319 // Resets the current navigation request. If |keep_state| is true, any state
320 // created by the NavigationRequest (e.g. speculative RenderFrameHost,
321 // loading state) will not be reset by the function.
322 void ResetNavigationRequest(bool keep_state);
323
324 // A RenderFrameHost in this node started loading.
325 // |to_different_document| will be true unless the load is a fragment
326 // navigation, or triggered by history.pushState/replaceState.
327 // |was_previously_loading| is false if the FrameTree was not loading before.
328 // The caller is required to provide this boolean as the delegate should only
329 // be notified if the FrameTree went from non-loading to loading state.
330 // However, when it is called, the FrameTree should be in a loading state.
331 void DidStartLoading(bool to_different_document, bool was_previously_loading);
332
333 // A RenderFrameHost in this node stopped loading.
334 void DidStopLoading();
335
336 // The load progress for a RenderFrameHost in this node was updated to
337 // |load_progress|. This will notify the FrameTree which will in turn notify
338 // the WebContents.
339 void DidChangeLoadProgress(double load_progress);
340
341 // Called when the user directed the page to stop loading. Stops all loads
342 // happening in the FrameTreeNode. This method should be used with
343 // FrameTree::ForEach to stop all loads in the entire FrameTree.
344 bool StopLoading();
345
346 // Returns the time this frame was last focused.
347 base::TimeTicks last_focus_time() const { return last_focus_time_; }
348
349 // Called when this node becomes focused. Updates the node's last focused
350 // time and notifies observers.
351 void DidFocus();
352
353 // Called when the user closed the modal dialogue for BeforeUnload and
354 // cancelled the navigation. This should stop any load happening in the
355 // FrameTreeNode.
356 void BeforeUnloadCanceled();
357
358 // Returns the BlameContext associated with this node.
359 FrameTreeNodeBlameContext& blame_context() { return blame_context_; }
360
361 // Updates the user activation state in the browser frame tree and in the
362 // frame trees in all renderer processes except the renderer for this node
363 // (which initiated the update). Returns |false| if the update tries to
364 // consume an already consumed/expired transient state, |true| otherwise. See
365 // the comment on user_activation_state_ below.
366 //
367 // The |notification_type| parameter is used for histograms, only for the case
368 // |update_state == kNotifyActivation|.
369 bool UpdateUserActivationState(
370 blink::mojom::UserActivationUpdateType update_type,
371 blink::mojom::UserActivationNotificationType notification_type);
372
373 void OnSetHadStickyUserActivationBeforeNavigation(bool value);
374
375 // Returns the sandbox flags currently in effect for this frame. This includes
376 // flags inherited from parent frames, the currently active flags from the
377 // <iframe> element hosting this frame, as well as any flags set from a
378 // Content-Security-Policy HTTP header. This does not include flags that have
379 // have been updated in an <iframe> element but have not taken effect yet; use
380 // pending_frame_policy() for those. To see the flags which will take effect
381 // on navigation (which does not include the CSP-set flags), use
382 // effective_frame_policy().
383 network::mojom::WebSandboxFlags active_sandbox_flags() const {
384 return replication_state_.active_sandbox_flags;
385 }
386
387 // Updates the active sandbox flags in this frame, in response to a
388 // Content-Security-Policy header adding additional flags, in addition to
389 // those given to this frame by its parent, or in response to the
390 // Feature-Policy header being set. Note that on navigation, these updates
391 // will be cleared, and the flags in the pending frame policy will be applied
392 // to the frame.
Alexander Timin45b716c2020-11-06 01:40:31393 // Returns true iff this operation has changed state of either sandbox flags
394 // or feature policy.
395 bool UpdateFramePolicyHeaders(
danakjc492bf82020-09-09 20:02:44396 network::mojom::WebSandboxFlags sandbox_flags,
397 const blink::ParsedFeaturePolicy& parsed_header);
398
399 // Returns whether the frame received a user gesture on a previous navigation
400 // on the same eTLD+1.
401 bool has_received_user_gesture_before_nav() const {
402 return replication_state_.has_received_user_gesture_before_nav;
403 }
404
405 // When a tab is discarded, WebContents sets was_discarded on its
406 // root FrameTreeNode.
407 // In addition, when a child frame is created, this bit is passed on from
408 // parent to child.
409 // When a navigation request is created, was_discarded is passed on to the
410 // request and reset to false in FrameTreeNode.
411 void set_was_discarded() { was_discarded_ = true; }
412 bool was_discarded() const { return was_discarded_; }
413
414 // Returns the sticky bit of the User Activation v2 state of the
415 // |FrameTreeNode|.
416 bool HasStickyUserActivation() const {
417 return user_activation_state_.HasBeenActive();
418 }
419
420 // Returns the transient bit of the User Activation v2 state of the
421 // |FrameTreeNode|.
422 bool HasTransientUserActivation() {
423 return user_activation_state_.IsActive();
424 }
425
426 // Remove history entries for all frames created by script in this frame's
427 // subtree. If a frame created by a script is removed, then its history entry
428 // will never be reused - this saves memory.
429 void PruneChildFrameNavigationEntries(NavigationEntryImpl* entry);
430
431 blink::mojom::FrameOwnerElementType frame_owner_element_type() const {
432 return replication_state_.frame_owner_element_type;
433 }
434 // Only meaningful to call on a root frame. The value of |feature_state| will
435 // be nontrivial if there is an opener which is restricted in some of the
436 // feature policies.
437 void SetOpenerFeaturePolicyState(
438 const blink::FeaturePolicyFeatureState& feature_state);
439
440 void SetAdFrameType(blink::mojom::AdFrameType ad_frame_type);
441
arthursonzogni034bb9c2020-10-01 08:29:56442 // The initial popup URL for new window opened using:
443 // `window.open(initial_popup_url)`.
444 // An empty GURL otherwise.
445 //
446 // [WARNING] There is no guarantee the FrameTreeNode will ever host a
447 // document served from this URL. The FrameTreeNode always starts hosting the
448 // initial empty document and attempts a navigation toward this URL. However
449 // the navigation might be delayed, redirected and even cancelled.
450 void SetInitialPopupURL(const GURL& initial_popup_url);
451 const GURL& initial_popup_url() const { return initial_popup_url_; }
452
453 // The origin of the document that used window.open() to create this frame.
454 // Otherwise, an opaque Origin with a nonce different from all previously
455 // existing Origins.
456 void SetPopupCreatorOrigin(const url::Origin& popup_creator_origin);
457 const url::Origin& popup_creator_origin() const {
458 return popup_creator_origin_;
459 }
460
danakjc492bf82020-09-09 20:02:44461 private:
462 FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest,
463 ContainerPolicyDynamic);
464 FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest,
465 ContainerPolicySandboxDynamic);
466
467 class OpenerDestroyedObserver;
468
469 FrameTreeNode* GetSibling(int relative_offset) const;
470
471 // The |notification_type| parameter is used for histograms only.
472 bool NotifyUserActivation(
473 blink::mojom::UserActivationNotificationType notification_type);
474
475 bool ConsumeTransientUserActivation();
476
477 bool ClearUserActivation();
478
479 // Verify that the renderer process is allowed to set user activation on this
480 // frame by checking whether this frame's RenderWidgetHost had previously seen
481 // an input event that might lead to user activation. If user activation
482 // should be allowed, this returns true and also clears corresponding pending
483 // user activation state in the widget. Otherwise, this returns false.
484 bool VerifyUserActivation();
485
486 // The next available browser-global FrameTreeNode ID.
487 static int next_frame_tree_node_id_;
488
489 // The FrameTree that owns us.
490 FrameTree* frame_tree_; // not owned.
491
492 // Manages creation and swapping of RenderFrameHosts for this frame.
493 RenderFrameHostManager render_manager_;
494
495 // A browser-global identifier for the frame in the page, which stays stable
496 // even if the frame does a cross-process navigation.
497 const int frame_tree_node_id_;
498
499 // The RenderFrameHost owning this FrameTreeNode, which cannot change for the
500 // life of this FrameTreeNode. |nullptr| if this node is the root.
501 RenderFrameHostImpl* const parent_;
502
503 // Number of edges from this node to the root. 0 if this is the root.
504 const unsigned int depth_;
505
506 // The frame that opened this frame, if any. Will be set to null if the
507 // opener is closed, or if this frame disowns its opener by setting its
508 // window.opener to null.
509 FrameTreeNode* opener_;
510
511 // An observer that clears this node's |opener_| if the opener is destroyed.
512 // This observer is added to the |opener_|'s observer list when the |opener_|
513 // is set to a non-null node, and it is removed from that list when |opener_|
514 // changes or when this node is destroyed. It is also cleared if |opener_|
515 // is disowned.
516 std::unique_ptr<OpenerDestroyedObserver> opener_observer_;
517
518 // The frame that opened this frame, if any. Contrary to opener_, this
519 // cannot be changed unless the original opener is destroyed.
520 FrameTreeNode* original_opener_;
521
Wolfgang Beyerd8809db2020-09-30 15:29:39522 // The devtools frame token of the frame which opened this frame. This is
523 // not cleared even if the opener is destroyed or disowns the frame.
524 base::Optional<base::UnguessableToken> opener_devtools_frame_token_;
525
danakjc492bf82020-09-09 20:02:44526 // An observer that clears this node's |original_opener_| if the opener is
527 // destroyed.
528 std::unique_ptr<OpenerDestroyedObserver> original_opener_observer_;
529
arthursonzogni034bb9c2020-10-01 08:29:56530 // When created by an opener, the URL specified in window.open(url)
531 // Please refer to {Get,Set}InitialPopupURL() documentation.
532 GURL initial_popup_url_;
533
534 // When created using window.open, the origin of the creator.
535 // Please refer to {Get,Set}PopupCreatorOrigin() documentation.
536 url::Origin popup_creator_origin_;
537
danakjc492bf82020-09-09 20:02:44538 // Whether this frame has committed any real load, replacing its initial
539 // about:blank page.
540 bool has_committed_real_load_;
541
542 // Whether the frame's owner element in the parent document is collapsed.
543 bool is_collapsed_;
544
545 // Track information that needs to be replicated to processes that have
546 // proxies for this frame.
547 FrameReplicationState replication_state_;
548
549 // Track the pending sandbox flags and container policy for this frame. When a
550 // parent frame dynamically updates 'sandbox', 'allow', 'allowfullscreen',
551 // 'allowpaymentrequest' or 'src' attributes, the updated policy for the frame
552 // is stored here, and transferred into replication_state_.frame_policy when
553 // they take effect on the next frame navigation.
554 blink::FramePolicy pending_frame_policy_;
555
556 // Whether the frame was created by javascript. This is useful to prune
557 // history entries when the frame is removed (because frames created by
558 // scripts are never recreated with the same unique name - see
559 // https://crbug.com/500260).
560 bool is_created_by_script_;
561
562 // Used for devtools instrumentation and trace-ability. The token is
563 // propagated to Blink's LocalFrame and both Blink and content/
564 // can tag calls and requests with this token in order to attribute them
565 // to the context frame.
566 // |devtools_frame_token_| is only defined by the browser process and is never
567 // sent back from the renderer in the control calls. It should be never used
568 // to look up the FrameTreeNode instance.
569 base::UnguessableToken devtools_frame_token_;
570
571 // Tracks the scrolling and margin properties for this frame. These
572 // properties affect the child renderer but are stored on its parent's
573 // frame element. When this frame's parent dynamically updates these
574 // properties, we update them here too.
575 //
576 // Note that dynamic updates only take effect on the next frame navigation.
577 blink::mojom::FrameOwnerProperties frame_owner_properties_;
578
579 // Contains the current parsed value of the 'csp' attribute of this frame.
580 network::mojom::ContentSecurityPolicyPtr csp_attribute_;
581
582 // Owns an ongoing NavigationRequest until it is ready to commit. It will then
583 // be reset and a RenderFrameHost will be responsible for the navigation.
584 std::unique_ptr<NavigationRequest> navigation_request_;
585
586 // List of objects observing this FrameTreeNode.
587 base::ObserverList<Observer>::Unchecked observers_;
588
589 base::TimeTicks last_focus_time_;
590
591 bool was_discarded_;
592
593 // The user activation state of the current frame. See |UserActivationState|
594 // for details on how this state is maintained.
595 blink::UserActivationState user_activation_state_;
596
597 // A helper for tracing the snapshots of this FrameTreeNode and attributing
598 // browser process activities to this node (when possible). It is unrelated
599 // to the core logic of FrameTreeNode.
600 FrameTreeNodeBlameContext blame_context_;
601
602 DISALLOW_COPY_AND_ASSIGN(FrameTreeNode);
603};
604
605} // namespace content
606
607#endif // CONTENT_BROWSER_RENDERER_HOST_FRAME_TREE_NODE_H_