Add WebSecurityOrigin::IsSameOriginWith()

This allows SubresourceFilterAgent::GetInheritedActivationState() to avoid unnecessary conversions to url::Origin. Bug: 1134740 Change-Id: I74d15db49de14d7e9b6017fb131d2976b727edc8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2495923Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Commit-Queue: Nico Weber <thakis@chromium.org> Cr-Commit-Position: refs/heads/master@{#822200}

Add WebSecurityOrigin::IsSameOriginWith()
This allows SubresourceFilterAgent::GetInheritedActivationState() to avoid unnecessary conversions to url::Origin. Bug: 1134740 Change-Id: I74d15db49de14d7e9b6017fb131d2976b727edc8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2495923Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Commit-Queue: Nico Weber <thakis@chromium.org> Cr-Commit-Position: refs/heads/master@{#822200}
ff34008a · Alex Turner · Commit Bot · 13124a1d · ff34008a · ff34008a
Commit ff34008a authored Oct 29, 2020 by Alex Turner Committed by Commit Bot Oct 29, 2020
3 changed files
--- a/components/subresource_filter/content/renderer/subresource_filter_agent.cc
+++ b/components/subresource_filter/content/renderer/subresource_filter_agent.cc
@@ -126,11 +126,10 @@ mojom::ActivationState SubresourceFilterAgent::GetInheritedActivationState(
  if (!frame_to_inherit_from || !frame_to_inherit_from->IsWebLocalFrame())
    return mojom::ActivationState();
-  // TODO(crbug.com/1134740): Add an IsSameOriginWith() function to
+  blink::WebSecurityOrigin render_frame_origin =
-  // WebSecurityOrigin to avoid unnecessary conversions to url::Origin.
-  url::Origin render_frame_origin =
      render_frame->GetWebFrame()->GetSecurityOrigin();
-  url::Origin inherited_origin = frame_to_inherit_from->GetSecurityOrigin();
+  blink::WebSecurityOrigin inherited_origin =
+      frame_to_inherit_from->GetSecurityOrigin();
  // Only inherit from same-origin frames.
  if (render_frame_origin.IsSameOriginWith(inherited_origin)) {

--- a/third_party/blink/public/platform/web_security_origin.h
+++ b/third_party/blink/public/platform/web_security_origin.h
@@ -109,6 +109,18 @@ class WebSecurityOrigin {
  // passwords stored in password manager.
  BLINK_PLATFORM_EXPORT bool CanAccessPasswordManager() const;
+  // This method implements HTML's "same origin" check, which verifies equality
+  // of opaque origins, or exact (scheme,host,port) matches. Note that
+  // `document.domain` does not come into play for this comparison.
+  //
+  // This method does not take the "universal access" flag into account. It does
+  // take the "local access" flag into account, considering `file:` origins that
+  // set the flag to be same-origin with all other `file:` origins that set the
+  // flag.
+  //
+  // https://html.spec.whatwg.org/#same-origin
+  BLINK_PLATFORM_EXPORT bool IsSameOriginWith(const WebSecurityOrigin&) const;
 #if INSIDE_BLINK
  BLINK_PLATFORM_EXPORT WebSecurityOrigin(scoped_refptr<const SecurityOrigin>);
  BLINK_PLATFORM_EXPORT WebSecurityOrigin& operator=(

--- a/third_party/blink/renderer/platform/exported/web_security_origin.cc
+++ b/third_party/blink/renderer/platform/exported/web_security_origin.cc
@@ -113,6 +113,12 @@ bool WebSecurityOrigin::CanAccessPasswordManager() const {
  return private_->CanAccessPasswordManager();
 }
+bool WebSecurityOrigin::IsSameOriginWith(const WebSecurityOrigin& other) const {
+  DCHECK(private_);
+  DCHECK(other.private_);
+  return private_->IsSameOriginWith(other.private_.Get());
+}
 WebSecurityOrigin::WebSecurityOrigin(scoped_refptr<const SecurityOrigin> origin)
    : private_(std::move(origin)) {}