Make Document::isSecureContext() work for OOPIFs

third_party/WebKit/Source/core/dom/Document.cpp

Index: third_party/WebKit/Source/core/dom/Document.cpp
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
index 9fabc5b700e4ae18d4361e5fd2a787e9f44c01cd..0d3bd26d83fe1e31ab4580bdb2555296373387a0 100644
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -3389,10 +3389,12 @@ bool Document::isSecureContextImpl(String* errorMessage, const SecureContextChec
     // In all cases, a frame must be potentially trustworthy in addition to
     // having an exception listed in order for the exception to be granted.
     if (SecurityContext::isSandboxed(SandboxOrigin)) {
-        RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url());
-        if (!isOriginPotentiallyTrustworthy(origin.get(), errorMessage))
+        if (!SecurityContext::isPotentiallyTrustworthySandboxedOrigin()) {
+            if (errorMessage)
+                *errorMessage = securityOrigin()->isPotentiallyTrustworthyErrorMessage();
             return false;
-        if (SchemeRegistry::schemeShouldBypassSecureContextCheck(origin->protocol()))
+        }
+        if (SecurityContext::bypassSecureContextCheckForSandboxedOrigin())
             return true;
     } else {
         if (!isOriginPotentiallyTrustworthy(securityOrigin(), errorMessage))
@@ -3402,21 +3404,21 @@ bool Document::isSecureContextImpl(String* errorMessage, const SecureContextChec
     }
 
     if (privilegeContextCheck == StandardSecureContextCheck) {
-        Document* context = parentDocument();
-        while (context) {
-            // Skip to the next ancestor if it's a srcdoc.
-            if (!context->isSrcdocDocument()) {
-                if (context->securityContext().isSandboxed(SandboxOrigin)) {
-                    // For a sandboxed origin, use the document's URL.
-                    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(context->url());
-                    if (!isOriginPotentiallyTrustworthy(origin.get(), errorMessage))
-                        return false;
-                } else {
-                    if (!isOriginPotentiallyTrustworthy(context->securityOrigin(), errorMessage))
-                        return false;
+        if (!m_frame)
+            return true;
+        Frame* parent = m_frame->tree().parent();
+        while (parent) {
+            if (parent->securityContext()->isSandboxed(SandboxOrigin)) {
+                if (!parent->securityContext()->isPotentiallyTrustworthySandboxedOrigin()) {
+                    if (errorMessage)
+                        *errorMessage = parent->securityContext()->securityOrigin()->isPotentiallyTrustworthyErrorMessage();
+                    return false;
                 }
+            } else {
+                if (!isOriginPotentiallyTrustworthy(parent->securityContext()->securityOrigin(), errorMessage))
+                    return false;
             }
-            context = context->parentDocument();
+            parent = parent->tree().parent();
         }
     }
     return true;
@@ -4898,6 +4900,9 @@ void Document::initSecurityContext(const DocumentInit& initializer)
     // In the common case, create the security context from the currently
     // loading URL with a fresh content security policy.
     m_cookieURL = m_url;
+    // Set the origin initially based on the URL. enforceSandboxFlags()
+    // will adjust it to be a unique origin if necessary.
+    setSecurityOrigin(SecurityOrigin::create(m_url));
     enforceSandboxFlags(initializer.sandboxFlags());
     if (initializer.shouldEnforceStrictMixedContentChecking())
         enforceStrictMixedContentChecking();
@@ -4906,7 +4911,6 @@ void Document::initSecurityContext(const DocumentInit& initializer)
         for (auto toUpgrade : *initializer.insecureNavigationsToUpgrade())
             addInsecureNavigationUpgrade(toUpgrade);
     }
-    setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url));
 
     if (importsController()) {
         // If this document is an HTML import, grab a reference to it's master document's Content
@@ -4952,9 +4956,12 @@ void Document::initSecurityContext(const DocumentInit& initializer)
 
     if (isSandboxed(SandboxOrigin)) {
         // If we're supposed to inherit our security origin from our owner,
-        // but we're also sandboxed, the only thing we inherit is the ability
-        // to load local resources. This lets about:blank iframes in file://
+        // but we're also sandboxed, the only things we inherit are the
+        // potential trustworthiness of the origin and the ability to
+        // load local resources. This lets about:blank iframes in file://
         // URL documents load images and other resources from the file system.
+        if (initializer.owner()->isPotentiallyTrustworthySandboxedOrigin() || initializer.owner()->securityOrigin()->isPotentiallyTrustworthy())
+            setIsPotentiallyTrustworthySandboxedOrigin();
         if (initializer.owner()->securityOrigin()->canLoadLocalResources())
             securityOrigin()->grantLoadLocalResources();
         return;