Remove some code, an obsolete criteria, from SecurityOrigin test for uniqueness.

Source/platform/weborigin/SecurityOrigin.cpp

 /*
  * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 31 matching lines @@
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/StringBuilder.h"
 
 namespace blink {
 
 const int InvalidPort = 0;
 const int MaxAllowedPort = 65535;
 
 static SecurityOriginCache* s_originCache = 0;
 
-static bool schemeRequiresAuthority(const KURL& url)
-{
-    // We expect URLs with these schemes to have authority components. If the
-    // URL lacks an authority component, we get concerned and mark the origin
-    // as unique.
-    return url.protocolIsInHTTPFamily() || url.protocolIs("ftp");
-}
-
 static SecurityOrigin* cachedOrigin(const KURL& url)
 {
     if (s_originCache)
         return s_originCache->cachedOrigin(url);
     return 0;
 }
 
 bool SecurityOrigin::shouldUseInnerURL(const KURL& url)
 {
     // FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL is incorrect.
@@ skipping 16 matching lines @@
     return KURL(ParsedURLString, decodeURLEscapeSequences(url.path()));
 }
 
 void SecurityOrigin::setCache(SecurityOriginCache* originCache)
 {
     s_originCache = originCache;
 }
 
 static bool shouldTreatAsUniqueOrigin(const KURL& url)
 {
     if (!url.isValid())

[palmer, 2015/08/27 22:59:03]

Add a comment here saying that URLs with schemes that require an authority but
which don't have one will have failed this test.

[michaeln, 2015/08/28 23:15:51]

Done, also said it in an ASSERT

         return true;
 
     // FIXME: Do we need to unwrap the URL further?
     KURL relevantURL;
     if (SecurityOrigin::shouldUseInnerURL(url)) {
         relevantURL = SecurityOrigin::extractInnerURL(url);
         if (!relevantURL.isValid())
             return true;
     } else {
         relevantURL = url;
     }
 
-    // For edge case URLs that were probably misparsed, make sure that the origin is unique.
-    // FIXME: Do we really need to do this? This looks to be a hack around a
-    // security bug in CFNetwork that might have been fixed.
-    if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty())
-        return true;
-
     // SchemeRegistry needs a lower case protocol because it uses HashMaps
     // that assume the scheme has already been canonicalized.
     String protocol = relevantURL.protocol().lower();
 
     if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol))
         return true;
 
     // This is the common case.
     return false;
 }
@@ skipping 424 matching lines @@
 }
 
 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin)
 {
     m_universalAccess = origin.m_universalAccess;
     m_canLoadLocalResources = origin.m_canLoadLocalResources;
     m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin;
 }
 
 } // namespace blink