Validate params.origin in the browser process at commit time.

content/browser/frame_host/render_frame_host_impl.h

Index: content/browser/frame_host/render_frame_host_impl.h
diff --git a/content/browser/frame_host/render_frame_host_impl.h b/content/browser/frame_host/render_frame_host_impl.h
index bf8bac3e2558069d78174ae44fcec164baed616f..e9f7d2841eac33882c71b425e380810fd9438ab5 100644
--- a/content/browser/frame_host/render_frame_host_impl.h
+++ b/content/browser/frame_host/render_frame_host_impl.h
@@ -677,6 +677,13 @@ class CONTENT_EXPORT RenderFrameHostImpl : public RenderFrameHost,
   // it will be used to kill processes that commit unauthorized URLs.
   bool CanCommitURL(const GURL& url);
 
+  // Returns whether the given origin is allowed to commit in the current
+  // RenderFrameHost. The |url| is used to ensure it matches the origin in cases
+  // where it is applicable. This is a more conservative check than
+  // RenderProcessHost::FilterURL, since it will be used to kill processes that
+  // commit unauthorized origins.
+  bool CanCommitOrigin(const url::Origin& origin, const GURL& url);
+
   // Asserts that the given RenderFrameHostImpl is part of the same browser
   // context (and crashes if not), then returns whether the given frame is
   // part of the same site instance.