Support whitelisting to handle insecure origins as trustworthy origins (chromium)

content/public/common/origin_util.h

Index: content/public/common/origin_util.h
diff --git a/content/public/common/origin_util.h b/content/public/common/origin_util.h
new file mode 100644
index 0000000000000000000000000000000000000000..6e2bcbffaa7ef3c7d252ef6595412ae206359e5d
--- /dev/null
+++ b/content/public/common/origin_util.h
@@ -0,0 +1,25 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_
+#define CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_
+
+#include "content/common/content_export.h"
+
+class GURL;
+
+namespace content {
+
+// Returns true if the origin is trustworthy: that is, if its contents can be
+// said to have been transferred to the browser in a way that a network attacker
+// cannot tamper with or observe.
+// See https://www.w3.org/TR/powerful-features/#is-origin-trustworthy.
+//
+// Note: use ContentClient::IsOriginTrustWorthy() to include additional checks
+// by embedders.

[palmer, 2015/04/20 22:16:18]

If we keep this, and I'm fairly sure we shouldn't?, we should document that this
function is basically an implementation detail of |chrome::IsOriginSecure|, and
that nobody should call it directly.

+bool CONTENT_EXPORT IsOriginSecure(const GURL& url);
+
+}  // namespace content
+
+#endif  // CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_