Apologies for the delay! We discussed this in the Chrome Security Architecture meeting yesterday (which happens each Tuesday) and we have some questions about your approach, to make sure there aren't other problems you'll run into. At a high level, it seems great to add subframe support, but it's worth making sure the design will work.
1) Do you have a design doc for this work? We found it tricky to piece together details of your plan from the CLs and bug, and a doc describing what support is needed and what changes are planned would help.
2) At a glance, it appears that SecurityInterstitialTabHelper is a WebContentsObserver and assumes there's only one interstitial per WebContents. Are you planning to have one helper per RenderFrameHost, or re-architect the existing helper to manage multiple interstitials across RenderFrameHosts?
3) How does your use case compare with blocked ads (e.g., the heavy ad intervention), which show error pages in subframes? We're guessing you need to be able to click a button to proceed with the navigation? Presumably that's still a committed interstitial and the navigation has to be started again from scratch to proceed?
4) Regarding the assumptions you mentioned:
I might be misunderstanding what you mean, but there is not a single navigation ID or NavigationRequest per WebContents. There can be multiple at once, both across FrameTreeNodes and within a single one.
Maybe it's possible to share more of what you discussed with Arthur, to help us understand where you're headed?
5) It sounds like this is mostly being tracked in Buganizer (i.e., not the Chromium issue tracker), which is fine for the parts relevant to your project. Can you file a public Chromium tracker issue for adding subframe support to interstitials, though, to help Chrome folks follow along?
Thanks!
Charlie