Remove SecurityPolicy::IsUrlTrustworthySafelisted()

This CL removes SecurityPolicy::IsUrlTrustworthySafelisted() which is
basically a wrapper to IsOriginTrustworthySafelisted(). The only place
where it is used outside SecurityOrigin::IsSecure() is in
PaymentsValidators::IsValidMethodFormat() for a non-opaque http URL.
However, the corresponding section can thus just be replaced with
a call to SecurityOrigin::IsPotentiallyTrustworthy().

Bug: 1153336
Change-Id: I3f3362aa12ab10ee2a2ed945064203deec622ca7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2587738Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Frédéric Wang <fwang@igalia.com>
Cr-Commit-Position: refs/heads/master@{#836620}

third_party/blink/renderer/modules/payments/payments_validators.cc

@@ -168,16 +168,7 @@ bool PaymentsValidators::IsValidMethodFormat(const String& identifier) {
   if (url.Protocol() != "http")
     return false;
 
-  // Allow http://localhost for local development.
-  if (SecurityOrigin::Create(url)->IsLocalhost())
-    return true;
-
-  // Allow http:// origins from
-  // --unsafely-treat-insecure-origin-as-secure=<origin> for local development.
-  if (SecurityPolicy::IsUrlTrustworthySafelisted(url))
-    return true;
-
-  return false;
+  return SecurityOrigin::Create(url)->IsPotentiallyTrustworthy();
 }
 
 void PaymentsValidators::ValidateAndStringifyObject(

third_party/blink/renderer/platform/weborigin/security_origin.cc

@@ -308,10 +308,8 @@ bool SecurityOrigin::IsSecure(const KURL& url) {
                                     ExtractInnerURL(url).Protocol()))
     return true;
 
-  if (SecurityPolicy::IsUrlTrustworthySafelisted(url))
-    return true;
-
-  return false;
+  return SecurityPolicy::IsOriginTrustworthySafelisted(
+      *SecurityOrigin::Create(url).get());
 }
 
 base::Optional<base::UnguessableToken>

third_party/blink/renderer/platform/weborigin/security_policy.cc

@@ -202,13 +202,6 @@ bool SecurityPolicy::IsOriginTrustworthySafelisted(
   return false;
 }
 
-bool SecurityPolicy::IsUrlTrustworthySafelisted(const KURL& url) {
-  // Early return to avoid initializing the SecurityOrigin.
-  if (TrustworthyOriginSafelist().IsEmpty())
-    return false;
-  return IsOriginTrustworthySafelisted(*SecurityOrigin::Create(url).get());
-}
-
 bool SecurityPolicy::IsOriginAccessAllowed(
     const SecurityOrigin* active_origin,
     const SecurityOrigin* target_origin) {

third_party/blink/renderer/platform/weborigin/security_policy.h

@@ -93,7 +93,6 @@ class PLATFORM_EXPORT SecurityPolicy {
 
   static void AddOriginToTrustworthySafelist(const String&);
   static bool IsOriginTrustworthySafelisted(const SecurityOrigin&);
-  static bool IsUrlTrustworthySafelisted(const KURL&);
 
   static bool ReferrerPolicyFromString(const String& policy,
                                        ReferrerPolicyLegacyKeywordsSupport,