Chromium Code Reviews

Unified Diff: content/public/browser/content_browser_client.h

Issue 1270663002: Validate the Origin HTTP header in the browser process. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Update comment Created 5 years, 4 months ago
Index: content/public/browser/content_browser_client.h
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index b9c0f419c5d3e2528301a7f8c637c8aa93bfb551..7f1dd208493ab25fc480045c50b14561daeffb77 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -217,8 +217,17 @@ class CONTENT_EXPORT ContentBrowserClient {
// more conservative check than IsSuitableHost, since it is used after a
// navigation has committed to ensure that the process did not exceed its
// authority.
+ // This is called on the UI thread.
virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url);
+ // Returns true if no URL within |origin| is allowed to commit in the given
+ // process. Must return false if there exists at least one URL in |origin|
+ // that is allowed to commit.
+ // This is called on the IO thread.
+ virtual bool IsIllegalOrigin(ResourceContext* resource_context,
+ int child_process_id,
+ const GURL& origin);
+
// Returns whether a URL should be allowed to open from a specific context.
// This also applies in cases where the new URL will open in another process.
virtual bool ShouldAllowOpenURL(SiteInstance* site_instance, const GURL& url);
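
Review bot: The new comment on IsIllegalOrigin leaves the edge cases of |origin| unspecified: it does not say what an override must return when the GURL is empty or invalid, or when it carries more than a scheme/host/port. It also does not state what the default implementation returns. Since this is a security check that embedders override, both should be spelled out in the header. The polarity is also the reverse of CanCommitURL directly above (true means allowed there, true means rejected here), which is easy to get wrong at a call site; a sentence noting the contrast would help. Finally, "the given process" is identified here by |child_process_id| plus |resource_context| rather than a RenderProcessHost*, so the comment should say that the id refers to the renderer process that sent the request.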
