Remove |target_frame| param from GetOriginForURLLoaderFactoryUnchecked.

GetOriginForURLLoaderFactoryUnchecked can calculate the origin of the
parent frame from the |navigation_request| parameter - there is no need
to separately pass the |target_frame| parameter.

Additionally, before this CL, the caller would calculate |target_frame|
by calling GetRenderFrameHost() which only works at
WILL_PROCESS_RESPONSE or later time.  Depending on
|frame_tree_node()->parent()| means that
GetOriginForURLLoaderFactoryUnchecked may be called earlier - this will
hopefully help in the future call GetOriginForURLLoaderFactory when
creating a speculative/provisional frame (in this scenario the
|target_frame| does not exist yet).

Bug: 1098938
Change-Id: I51f1d00dd2b85cb9f50aec5e07e88428655bfff5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2288810
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Aaron Colwell <acolwell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#786540}

content/browser/frame_host/navigation_request.cc

@@ -742,9 +742,7 @@ bool ShouldSwapBrowsingInstanceForCrossOriginOpenerPolicy(
 }
 
 url::Origin GetOriginForURLLoaderFactoryUnchecked(
-    RenderFrameHostImpl* target_frame,
     NavigationRequest* navigation_request) {
-  DCHECK(target_frame);
   DCHECK(navigation_request);
 
   // Check if this is loadDataWithBaseUrl (which needs special treatment).
@@ -787,9 +785,9 @@ url::Origin GetOriginForURLLoaderFactoryUnchecked(
   if (navigation_request->GetURL().IsAboutSrcdoc()) {
     // Srcdoc navigations in main frames should be blocked before this function
     // is called.  This should guarantee existence of a parent here.
-    RenderFrameHostImpl* parent = target_frame->GetParent();
+    RenderFrameHostImpl* parent =
+        navigation_request->frame_tree_node()->parent();
     DCHECK(parent);
-
     return parent->GetLastCommittedOrigin();
   }
 
@@ -4207,6 +4205,11 @@ bool NavigationRequest::IsLoadDataWithBaseURL(
 }
 
 url::Origin NavigationRequest::GetOriginForURLLoaderFactory() {
+  // Calculate an approximation (sandbox/csp is ignored - see
+  // https://crbug.com/1041376) of the origin that will be committed because of
+  // |this| NavigationRequest.
+  url::Origin result = GetOriginForURLLoaderFactoryUnchecked(this);
+
   // Note that GetRenderFrameHost() only allows to retrieve the RenderFrameHost
   // once it has been set for this navigation.  This will happens either at
   // WillProcessResponse time for regular navigations or at WillFailRequest time
@@ -4214,12 +4217,6 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactory() {
   RenderFrameHostImpl* target_frame = GetRenderFrameHost();
   DCHECK(target_frame);
 
-  // Calculate an approximation (sandbox/csp is ignored - see
-  // https://crbug.com/1041376) of the origin that will be committed because of
-  // |this| NavigationRequest.
-  url::Origin result =
-      GetOriginForURLLoaderFactoryUnchecked(target_frame, this);
-
   // Check that |result| origin is allowed to be accessed from the process that
   // is the target of this navigation.
   //