Plumb the correct owner document through DocumentInit::m_owner.

third_party/WebKit/Source/core/dom/Document.cpp

Index: third_party/WebKit/Source/core/dom/Document.cpp
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
index 757f46e1653e37d155237535ff480dabf1ca4be3..f79cb9f33bce4b01d53a2c529303ca32b61b1a3b 100644
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -4864,11 +4864,6 @@ bool Document::useSecureKeyboardEntryWhenActive() const
     return m_useSecureKeyboardEntryWhenActive;
 }
 
-void Document::initSecurityContext()
-{
-    initSecurityContext(DocumentInit(m_url, m_frame, contextDocument(), m_importsController));
-}
-
 void Document::initSecurityContext(const DocumentInit& initializer)
 {
     if (haveInitializedSecurityOrigin()) {
@@ -4890,7 +4885,6 @@ void Document::initSecurityContext(const DocumentInit& initializer)
 
     // In the common case, create the security context from the currently
     // loading URL with a fresh content security policy.
-    m_cookieURL = m_url;
     enforceSandboxFlags(initializer.sandboxFlags());
     if (initializer.shouldEnforceStrictMixedContentChecking())
         enforceStrictMixedContentChecking();
@@ -4899,7 +4893,25 @@ void Document::initSecurityContext(const DocumentInit& initializer)
         for (auto toUpgrade : *initializer.insecureNavigationsToUpgrade())
             addInsecureNavigationUpgrade(toUpgrade);
     }
-    setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url));
+
+    if (isSandboxed(SandboxOrigin)) {
+        m_cookieURL = m_url;
+        setSecurityOrigin(SecurityOrigin::createUnique());
+        // If we're supposed to inherit our security origin from our owner,
+        // but we're also sandboxed, the only thing we inherit is the ability
+        // to load local resources. This lets about:blank iframes in file://
+        // URL documents load images and other resources from the file system.
+        if (initializer.owner() && initializer.owner()->securityOrigin()->canLoadLocalResources())
+            securityOrigin()->grantLoadLocalResources();
+    } else if (initializer.owner()) {
+        m_cookieURL = initializer.owner()->cookieURL();
+        // We alias the SecurityOrigins to match Firefox, see Bug 15313
+        // https://bugs.webkit.org/show_bug.cgi?id=15313
+        setSecurityOrigin(initializer.owner()->securityOrigin());
+    } else {
+        m_cookieURL = m_url;
+        setSecurityOrigin(SecurityOrigin::create(m_url));
+    }
 
     if (importsController()) {
         // If this document is an HTML import, grab a reference to it's master document's Content
@@ -4931,32 +4943,6 @@ void Document::initSecurityContext(const DocumentInit& initializer)
         m_isSrcdocDocument = true;
         setBaseURLOverride(initializer.parentBaseURL());
     }
-
-    if (!shouldInheritSecurityOriginFromOwner(m_url))
-        return;
-
-    // If we do not obtain a meaningful origin from the URL, then we try to
-    // find one via the frame hierarchy.
-
-    if (!initializer.owner()) {
-        didFailToInitializeSecurityOrigin();
-        return;
-    }
-
-    if (isSandboxed(SandboxOrigin)) {
-        // If we're supposed to inherit our security origin from our owner,
-        // but we're also sandboxed, the only thing we inherit is the ability
-        // to load local resources. This lets about:blank iframes in file://
-        // URL documents load images and other resources from the file system.
-        if (initializer.owner()->securityOrigin()->canLoadLocalResources())
-            securityOrigin()->grantLoadLocalResources();
-        return;
-    }
-
-    m_cookieURL = initializer.owner()->cookieURL();
-    // We alias the SecurityOrigins to match Firefox, see Bug 15313
-    // https://bugs.webkit.org/show_bug.cgi?id=15313
-    setSecurityOrigin(initializer.owner()->securityOrigin());
 }
 
 void Document::initContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSecurityPolicy> csp)