Drop the suggested name of downloads when initiator & resource origin differ

Compare https://html.spec.whatwg.org/#downloading-resources step 3-9.

BUG=714373
R=dtrainor@chromium.org

Change-Id: Iae9831c488fac56442ebf608203853da022fdf10
Reviewed-on: https://chromium-review.googlesource.com/509253
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: David Trainor <dtrainor@chromium.org>
Cr-Commit-Position: refs/heads/master@{#473428}

content/browser/download/download_request_core.cc

@@ -337,14 +337,15 @@ bool DownloadRequestCore::OnResponseStarted(
         headers->HasHeaderValue("Accept-Ranges", "bytes");
   }
 
-  // Blink verifies that the requester of this download is allowed to set a
-  // suggested name for the security origin of the download URL. However, this
-  // assumption doesn't hold if there were cross origin redirects. Therefore,
-  // clear the suggested_name for such requests.
-  if (create_info->url_chain.size() > 1 &&
-      create_info->url_chain.front().GetOrigin() !=
-          create_info->url_chain.back().GetOrigin())
+  // GURL::GetOrigin() doesn't support getting the inner origin of a blob URL.
+  // However, requesting a cross origin blob URL would have resulted in a
+  // network error, so we'll just ignore them here.
+  if (request()->initiator().has_value() &&
+      !create_info->url_chain.back().SchemeIsBlob() &&
+      request()->initiator()->GetURL() !=
+          create_info->url_chain.back().GetOrigin()) {
     create_info->save_info->suggested_name.clear();
+  }
 
   RecordDownloadContentDisposition(create_info->content_disposition);
   RecordDownloadSourcePageTransitionType(create_info->transition_type);

third_party/WebKit/LayoutTests/http/tests/security/anchor-download-block-crossorigin-expected.txt

-Downloading URL with suggested filename ""
-Tests that a suggested filename on a download attribute is ignored if the link is cross origin.
+Downloading URL with suggested filename "foo.pdf"
+Tests that a suggested filename on a download attribute is passed along even if the link is cross origin.
 
-The suggested filename at the top should be empty.
+The suggested filename at the top should be non-empty. The actual cross-origin check will be done in the browser process.

third_party/WebKit/LayoutTests/http/tests/security/anchor-download-block-crossorigin.html

@@ -11,10 +11,11 @@ if (window.testRunner) {
 </head>
 <body>
 <p>
-Tests that a suggested filename on a download attribute is ignored if 
+Tests that a suggested filename on a download attribute is passed along even if
 <a id="dl" href="http://localhost:8080/security/resources/attachment.php" download="foo.pdf">the link</a> is cross origin.
 <p>
-The suggested filename at the top should be empty.
+The suggested filename at the top should be non-empty. The actual cross-origin
+check will be done in the browser process.
 <script>
 function click(elmt)
 {

third_party/WebKit/Source/core/html/HTMLAnchorElement.cpp

@@ -360,15 +360,11 @@ void HTMLAnchorElement::HandleClick(Event* event) {
 
   if (hasAttribute(downloadAttr)) {
     request.SetRequestContext(WebURLRequest::kRequestContextDownload);
-    bool is_same_origin =
-        completed_url.ProtocolIsData() ||
-        GetDocument().GetSecurityOrigin()->CanRequest(completed_url);
-    const AtomicString& suggested_name =
-        (is_same_origin ? FastGetAttribute(downloadAttr) : g_null_atom);
     request.SetRequestorOrigin(SecurityOrigin::Create(GetDocument().Url()));
 
     frame->Loader().Client()->LoadURLExternally(
-        request, kNavigationPolicyDownload, suggested_name, false);
+        request, kNavigationPolicyDownload, FastGetAttribute(downloadAttr),
+        false);
   } else {
     request.SetRequestContext(WebURLRequest::kRequestContextHyperlink);
     FrameLoadRequest frame_request(&GetDocument(), request,