Make Document::isSecureContext() work for OOPIFs

third_party/WebKit/Source/core/dom/SecurityContext.cpp

Index: third_party/WebKit/Source/core/dom/SecurityContext.cpp
diff --git a/third_party/WebKit/Source/core/dom/SecurityContext.cpp b/third_party/WebKit/Source/core/dom/SecurityContext.cpp
index a37ff6b8230baa1b56ff5bf886d6a06243d97da4..c96466ef5ff4c57a37a3d665a7f882ae19bbc8c4 100644
--- a/third_party/WebKit/Source/core/dom/SecurityContext.cpp
+++ b/third_party/WebKit/Source/core/dom/SecurityContext.cpp
@@ -27,6 +27,7 @@
 #include "core/dom/SecurityContext.h"
 
 #include "core/frame/csp/ContentSecurityPolicy.h"
+#include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 
 namespace blink {
@@ -37,6 +38,8 @@ SecurityContext::SecurityContext()
     , m_hostedInReservedIPRange(false)
     , m_insecureRequestsPolicy(InsecureRequestsDoNotUpgrade)
     , m_enforceStrictMixedContentChecking(false)
+    , m_isPotentiallyTrustworthySandboxedOrigin(false)
+    , m_bypassSecureContextCheckForSandboxedOrigin(false)
 {
 }
 
@@ -74,9 +77,17 @@ bool SecurityContext::isSecureTransitionTo(const KURL& url) const
 
 void SecurityContext::enforceSandboxFlags(SandboxFlags mask)
 {
+    // The security origin must be set already in order to determine a sandboxed origin's potential trustworthiness.
+    ASSERT(securityOrigin());

[estark, 2016/02/23 21:45:52]

I'm not sure if this will actually work... I looked through the
enforceSandboxFlags() call sites and it looked like this was a reasonable thing
to do, and the trybots seem happy, but I'm not sure.

[Mike West, 2016/02/24 08:40:59]

This should be the case, but there might be some weirdness around `about:blank`
documents. Should already be present in layout tests, however, so if the bots
are happy, adding this ASSERT seems totally reasonable.

     m_sandboxFlags |= mask;
 
-    if (isSandboxed(SandboxOrigin) && securityOrigin() && !securityOrigin()->isUnique()) {
+    if (isSandboxed(SandboxOrigin) && !securityOrigin()->isUnique()) {
+        // Before overwriting the original origin, compute secure
+        // context properties from it. These properties are used to do
+        // secure context checks involving unique origins in remote
+        // frames.
+        m_isPotentiallyTrustworthySandboxedOrigin = securityOrigin()->isPotentiallyTrustworthy();
+        m_bypassSecureContextCheckForSandboxedOrigin = m_isPotentiallyTrustworthySandboxedOrigin && SchemeRegistry::schemeShouldBypassSecureContextCheck(securityOrigin()->protocol());
         setSecurityOrigin(SecurityOrigin::createUnique());

[Mike West, 2016/02/24 08:40:59]

Following on from above, this might look something like:

~~~
bool wasTrustworthy = securityOrigin()->isPotentiallyTrustworthy();
bool wasBypassing =
SchemeRegistry::schemeShouldBypassSecureContextCheck(securityOrigin()->protocol());
setSecurityOrigin(SecurityOrigin::createUnique());
securityOrigin()->setTrustworthynesses(wasTrustworthy, wasBypassing);
~~~

and the `Document::isSecureContextImpl` could be simplified to just use
`context->securityOrigin()->isPotentiallyTrustworthy()` throughout.

WDYT?

[estark, 2016/02/24 21:59:52]

Done.

         didUpdateSecurityOrigin();
     }