Remove caching of CORS info from CanvasRenderingContext.

Before this CL, CanvasRenderingContext remembered which request URLs
were CORS same-origin and which were CORS cross-origin. This worked
relatively well in a pre-service-worker world. But with service workers,
the same request URL can have different response URLs. Also, even if two
things have have the same response URL, they could differ in whether
they were CORS approved or not.

The solution is to remove the caching entirely. This causes more calls
to CanvasImageSource::WouldTaintOrigin(), but the implementations of
those look relatively lightweight so I don't expect performance to be
worse than tracking URLs in two HashSets.

Test: fetch-canvas-tainting-double-write.https.html added in
https://chromium-review.googlesource.com/c/chromium/src/+/1347952.

Bug: 907047
Change-Id: I4cf6289174935dee40ccad0364eb425d717b9f7f
Reviewed-on: https://chromium-review.googlesource.com/c/1347953Reviewed-by: Fernando Serboncini <fserb@chromium.org>
Reviewed-by: Makoto Shimazu <shimazu@chromium.org>
Commit-Queue: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610498}

third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-double-write.https-expected.txt

-This is a testharness.js-based test.
-FAIL canvas is tainted after writing both a non-opaque image and an opaque image from the same URL assert_throws: function "() => { canvas.toDataURL(); }" did not throw
-Harness: the test ran to completion.
-

third_party/blink/renderer/core/html/canvas/canvas_rendering_context.cc

@@ -166,27 +166,7 @@ CanvasRenderingContext::ResolveContextTypeAliases(
 bool CanvasRenderingContext::WouldTaintOrigin(
     CanvasImageSource* image_source,
     const SecurityOrigin* destination_security_origin) {
-  const KURL& source_url = image_source->SourceURL();
-  const bool has_url = (source_url.IsValid() && !source_url.IsAboutBlankURL());
-
-  if (has_url) {
-    if (source_url.ProtocolIsData() ||
-        clean_urls_.Contains(source_url.GetString())) {
-      return false;
-    }
-    if (dirty_urls_.Contains(source_url.GetString()))
-      return true;
-  }
-
-  const bool taint_origin =
-      image_source->WouldTaintOrigin(destination_security_origin);
-  if (has_url) {
-    if (taint_origin)
-      dirty_urls_.insert(source_url.GetString());
-    else
-      clean_urls_.insert(source_url.GetString());
-  }
-  return taint_origin;
+  return image_source->WouldTaintOrigin(destination_security_origin);
 }
 
 void CanvasRenderingContext::Trace(blink::Visitor* visitor) {

third_party/blink/renderer/core/html/canvas/canvas_rendering_context.h

@@ -35,8 +35,6 @@
 #include "third_party/blink/renderer/platform/graphics/canvas_color_params.h"
 #include "third_party/blink/renderer/platform/graphics/color_behavior.h"
 #include "third_party/blink/renderer/platform/scheduler/public/thread.h"
-#include "third_party/blink/renderer/platform/wtf/hash_set.h"
-#include "third_party/blink/renderer/platform/wtf/text/string_hash.h"
 #include "third_party/skia/include/core/SkColorSpace.h"
 #include "third_party/skia/include/core/SkImageInfo.h"
 
@@ -203,8 +201,6 @@ class CORE_EXPORT CanvasRenderingContext : public ScriptWrappable,
   void Dispose();
 
   Member<CanvasRenderingContextHost> host_;
-  HashSet<String> clean_urls_;
-  HashSet<String> dirty_urls_;
   CanvasColorParams color_params_;
   CanvasContextCreationAttributesCore creation_attributes_;