Basic experimental suborigin CSP directive and SecurityOrigin mods

Source/platform/weborigin/SecurityOrigin.h

 /*
  * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 154 matching lines @@
     bool isLocalhost() const;
 
     // The origin is a globally unique identifier assigned when the Document is
     // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin
     //
     // There's a subtle difference between a unique origin and an origin that
     // has the SandboxOrigin flag set. The latter implies the former, and, in
     // addition, the SandboxOrigin flag is inherited by iframes.
     bool isUnique() const { return m_isUnique; }
 
+    // Assigns a suborigin namespace to the SecurityOrigin. addSuborigin() must
+    // only ever be called once per SecurityOrigin(). If it is called on a
+    // SecurityOrigin that has already had a suborigin assigned, it will hit a
+    // RELEASE_ASSERT().
+    void addSuborigin(const String&);
+    bool hasSuborigin() const { return !m_suboriginName.isNull(); }
+    const String& suboriginName() const { return m_suboriginName; }
+
     // Marks a file:// origin as being in a domain defined by its path.
     // FIXME 81578: The naming of this is confusing. Files with restricted access to other local files
     // still can have other privileges that can be remembered, thereby not making them unique.
     void enforceFilePathSeparation();
 
     // Convert this SecurityOrigin into a string. The string
     // representation of a SecurityOrigin is similar to a URL, except it
     // lacks a path component. The string representation does not encode
     // the value of the SecurityOrigin's domain property.
     //
@@ skipping 23 matching lines @@
     //
     //   - Grant universal access.
     //   - Grant loading of local resources.
     //   - Use path-based file:// origins.
     //
     // Note: It is dangerous to change the privileges of an origin
     // at any other time than during initialization.
     void transferPrivilegesFrom(const SecurityOrigin&);
 
 private:
+    // FIXME: After the merge with the Chromium repo, this should be refactored
+    // to use FRIEND_TEST in base/gtest_prod_util.h.
+    friend class SecurityOriginTest;
+    friend class SecurityOriginTest_Suborigins_Test;
+    friend class SecurityOriginTest_SuboriginsParsing_Test;
+
     SecurityOrigin();
     explicit SecurityOrigin(const KURL&);
     explicit SecurityOrigin(const SecurityOrigin*);
 
     // FIXME: Rename this function to something more semantic.
     bool passesFileCheck(const SecurityOrigin*) const;
     void buildRawString(StringBuilder&) const;
 
+    static bool deserializeSuboriginAndHost(const String&, String&, String&);
+
     String m_protocol;
     String m_host;
     String m_domain;
+    String m_suboriginName;
     unsigned short m_port;
     bool m_isUnique;
     bool m_universalAccess;
     bool m_domainWasSetInDOM;
     bool m_canLoadLocalResources;
     bool m_enforceFilePathSeparation;
     bool m_needsDatabaseIdentifierQuirkForFiles;
 };
 
 } // namespace blink
 
 #endif // SecurityOrigin_h