Remove some code, an obsolete criteria, from SecurityOrigin test for uniqueness.

Source/platform/weborigin/SecurityOrigin.cpp

 /*
  * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 31 matching lines @@
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/StringBuilder.h"
 
 namespace blink {
 
 const int InvalidPort = 0;
 const int MaxAllowedPort = 65535;
 
 static SecurityOriginCache* s_originCache = 0;
 
-static bool schemeRequiresAuthority(const KURL& url)
-{
-    // We expect URLs with these schemes to have authority components. If the
-    // URL lacks an authority component, we get concerned and mark the origin
-    // as unique.
-    return url.protocolIsInHTTPFamily() || url.protocolIs("ftp");
-}
-
 static SecurityOrigin* cachedOrigin(const KURL& url)
 {
     if (s_originCache)
         return s_originCache->cachedOrigin(url);
     return 0;
 }
 
 bool SecurityOrigin::shouldUseInnerURL(const KURL& url)
 {
     // FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL is incorrect.
@@ skipping 29 matching lines @@
     // FIXME: Do we need to unwrap the URL further?
     KURL relevantURL;
     if (SecurityOrigin::shouldUseInnerURL(url)) {
         relevantURL = SecurityOrigin::extractInnerURL(url);
         if (!relevantURL.isValid())
             return true;
     } else {
         relevantURL = url;
     }
 
-    // For edge case URLs that were probably misparsed, make sure that the origin is unique.
-    // FIXME: Do we really need to do this? This looks to be a hack around a
-    // security bug in CFNetwork that might have been fixed.
-    if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty())
-        return true;
+    // URLs with schemes that require an authority, but which don't have one,
+    // will have failed the isValid() test; i.e. valid HTTP URLs must have a host.

[sof, 2015/08/30 06:38:46]

nit: s/i.e./e.g./

[Tom Sepez, 2015/08/31 16:20:28]

nit: 80 cols

+    ASSERT(!((relevantURL.protocolIsInHTTPFamily() || relevantURL.protocolIs("ftp") && relevantURL.host().isEmpty())));

[sof, 2015/08/30 06:38:46]

Close parens typo? !((A || B) && C) is the condition to test.

[Tom Sepez, 2015/08/31 16:20:28]

nit: 80 cols.

[michaeln, 2015/08/31 20:25:57]

yikes!!! fixed, thank you

 
     // SchemeRegistry needs a lower case protocol because it uses HashMaps
     // that assume the scheme has already been canonicalized.
     String protocol = relevantURL.protocol().lower();
 
     if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol))
         return true;
 
     // This is the common case.
     return false;
@@ skipping 425 matching lines @@
 }
 
 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin)
 {
     m_universalAccess = origin.m_universalAccess;
     m_canLoadLocalResources = origin.m_canLoadLocalResources;
     m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin;
 }
 
 } // namespace blink