
Issue 769189 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner: ----
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug
Team-Security-UX



Hotlists containing this issue:
EnamelAndFriendsFixIt



Race condition between navigation and JS API usage in same-origin iframe

Project Member Reported by raymes@chromium.org, Sep 27 2017

Issue description

Hey site isolation folks, maybe you can help me. I have a same origin iframe:

Frame A: localhost:80
Iframe B: localhost:80

As soon as B loads, it executes a script to obtain geolocation or midi access through the respective JS APIs. However there appears to be a race condition and when these calls get to the browser, queries to RenderFrameHost::GetLastCommittedURL sometimes return an empty string which I assume means that the navigation hasn't made it to the browser yet? Even putting the code in the JS onload handler doesn't appear to fix the issue.

Is this a known issue? Do you have pointers on how to debug this? I can reproduce it fairly reliably on my machine right now.

Thanks!
 

Comment 1 by dcheng@chromium.org, Sep 27 2017

Cc: roc...@chromium.org sa...@chromium.org engedy@chromium.org lukasza@chromium.org
This is a race with the DidCommitProvisionalLoad IPC. The geolocation service [1] is not associated with legacy IPC, so there are no ordering guarantees...

We should try to land engedy's CL to rebind remote interfaces and make sure the binder registry provides the security context at binding to prevent this race.

Comment 3 by nasko@chromium.org, Sep 27 2017

dcheng@, does Mojo queue up requests made on the interface until the impl side of it is bound? I assume yes, but want to double check.

Comment 4 by roc...@chromium.org, Sep 27 2017

Yes, messages are queued on the receiving end of the pipe until someone (e.g. a Binding to an impl) reads them.
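The thread above describes two channels with no ordering between them: DidCommitProvisionalLoad travels on the ordered legacy IPC channel, while the geolocation request arrives on its own Mojo pipe, so the browser can read the request before it knows the frame's committed URL, and a permission check keyed on RenderFrameHost::GetLastCommittedURL sees an empty string. The model below is an added illustration, not Chromium code: it replays both delivery orders against a request-time lookup (the racy pattern) and against the remedy dcheng@ proposes, where requests queue on the pipe until the interface is bound and the binding captures the security context. Class and function names, and the `http://localhost:80` sample origin, are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import List, Optional

ORIGIN = "http://localhost:80"  # constructed sample origin, matching frames A and B in the report


@dataclass
class Browser:
    """Toy model of the browser side of the race. Field names are illustrative only."""
    last_committed_url: str = ""          # stays empty until DidCommit is processed
    bound_origin: Optional[str] = None    # security context captured at bind time
    pending: deque = field(default_factory=deque)   # pipe messages nobody has read yet
    checked_against: List[str] = field(default_factory=list)  # origin each request was checked with

    def on_did_commit(self, url: str) -> None:
        self.last_committed_url = url

    def on_bind_geolocation(self) -> None:
        # The bind travels on the ordered channel, so the commit has already been
        # processed here: capture the origin now, then drain anything queued on the pipe.
        self.bound_origin = self.last_committed_url
        while self.pending:
            self.pending.popleft()
            self.checked_against.append(self.bound_origin)

    def on_geolocation_message_racy(self) -> None:
        # Racy pattern: consult frame state at request time; may be "" if the
        # commit has not been read from the other channel yet.
        self.checked_against.append(self.last_committed_url)

    def on_geolocation_message_hardened(self) -> None:
        # Hardened pattern: messages wait on the pipe until the interface is bound,
        # and the check uses the context captured at binding, never live frame state.
        if self.bound_origin is None:
            self.pending.append("GetPosition")
        else:
            self.checked_against.append(self.bound_origin)


def simulate(deliver_pipe_first: bool, hardened: bool) -> List[str]:
    """The renderer sends DidCommit on the ordered channel and then a geolocation
    request on the separate pipe; the browser may read either channel first.
    Returns the origin each geolocation request was checked against."""
    b = Browser()
    ordered = [("DidCommit", ORIGIN)]
    if hardened:
        ordered.append(("BindGeolocation", None))  # bind rides the ordered channel
    pipe = ["GetPosition"]

    def drain_pipe() -> None:
        for _ in pipe:
            if hardened:
                b.on_geolocation_message_hardened()
            else:
                b.on_geolocation_message_racy()

    def drain_ordered() -> None:
        for kind, arg in ordered:
            if kind == "DidCommit":
                b.on_did_commit(arg)
            else:
                b.on_bind_geolocation()

    if deliver_pipe_first:
        drain_pipe()
        drain_ordered()
    else:
        drain_ordered()
        drain_pipe()
    return b.checked_against


if __name__ == "__main__":
    for pipe_first in (True, False):
        for hardened in (False, True):
            print(f"pipe_first={pipe_first} hardened={hardened}: "
                  f"{simulate(pipe_first, hardened)}")
```

Only the `pipe_first=True, hardened=False` run checks the request against an empty origin; the hardened variant yields the committed origin in both orders because the decision is tied to the bind, which is ordered after the commit, rather than to whichever channel the browser happened to read first.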

Comment 5 by bugdroid1@chromium.org, Oct 3 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0d7cc8b3b2f5145860f3d05020450b0e16db9b40

commit 0d7cc8b3b2f5145860f3d05020450b0e16db9b40
Author: Raymes Khoury <raymes@chromium.org>
Date: Tue Oct 03 23:01:59 2017

Add a temporary hack to fix a race condition with FP layout tests

A race condition means that navigation may not reach the browser process
before a permission request does. This adds a hack to ensure that
navigation has reached the browser by waiting for a cross-origin iframe
to load.

BUG=689802,769189

Change-Id: I26dba360e322cf31c0ec200985a6908de9a82c35
Reviewed-on: https://chromium-review.googlesource.com/688382
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506221}
[modify] https://crrev.com/0d7cc8b3b2f5145860f3d05020450b0e16db9b40/third_party/WebKit/LayoutTests/http/tests/resources/feature-policy-permissions-test.js

Components: -Internals>Permissions Internals>Permissions>Model

Comment 7 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 8 Deleted


Comment 10 by bugdroid1@chromium.org, Dec 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/090cd7b58fc57101ab9dfe81e2edf276b234ad54

commit 090cd7b58fc57101ab9dfe81e2edf276b234ad54
Author: Raymes Khoury <raymes@chromium.org>
Date: Tue Dec 12 06:40:03 2017

Revert "Add a temporary hack to fix a race condition with FP layout tests"

This reverts commit 0d7cc8b3b2f5145860f3d05020450b0e16db9b40.

Reason for revert: Should be fixed by https://chromium-review.googlesource.com/c/chromium/src/+/735686

Original change's description:
> Add a temporary hack to fix a race condition with FP layout tests
> 
> A race condition means that navigation may not reach the browser process
> before a permission request does. This adds a hack to ensure that
> navigation has reached the browser by waiting for a cross-origin iframe
> to load.
> 
> BUG=689802,769189
> 
> Change-Id: I26dba360e322cf31c0ec200985a6908de9a82c35
> Reviewed-on: https://chromium-review.googlesource.com/688382
> Reviewed-by: Ian Clelland <iclelland@chromium.org>
> Commit-Queue: Raymes Khoury <raymes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#506221}

TBR=raymes@chromium.org,qyearsley@chromium.org,iclelland@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 689802, 769189
Change-Id: I36cd26c2d2683e020237e038f658fb30fe55354d
Reviewed-on: https://chromium-review.googlesource.com/821952
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#523358}
[modify] https://crrev.com/090cd7b58fc57101ab9dfe81e2edf276b234ad54/third_party/WebKit/LayoutTests/http/tests/resources/feature-policy-permissions-test.js

Status: Fixed (was: Available)
This was fixed by https://chromium-review.googlesource.com/c/chromium/src/+/735686
