Disallow use of Web Bluetooth from cross-origin iframes.

content/browser/bluetooth/bluetooth_dispatcher_host.cc

Index: content/browser/bluetooth/bluetooth_dispatcher_host.cc
diff --git a/content/browser/bluetooth/bluetooth_dispatcher_host.cc b/content/browser/bluetooth/bluetooth_dispatcher_host.cc
index c7a2dd3c5d1d75e97a7c619156e51d6fee24e341..345e1029d6a6fd8ec331f77e1c226ad32f32d086 100644
--- a/content/browser/bluetooth/bluetooth_dispatcher_host.cc
+++ b/content/browser/bluetooth/bluetooth_dispatcher_host.cc
@@ -1137,13 +1137,18 @@ void BluetoothDispatcherHost::OnRequestDeviceImpl(
   const url::Origin embedding_origin =
       web_contents->GetMainFrame()->GetLastCommittedOrigin();
 
-  if (requesting_origin.unique()) {
-    VLOG(1) << "Request device with unique origin.";

[Jeffrey Yasskin, 2016/04/06 05:38:31]

I'm dropping the VLOG because we send the same information to the renderer's
console, and it's nice to avoid extra strings in the release build.

+  // TODO(crbug.com/518042): Enforce correctly-delegated permissions instead of
+  // matching origins. When relaxing this, take care to handle non-sandboxed
+  // unique origins.
+  if (embedding_origin != requesting_origin) {

[Mike West, 2016/04/06 06:06:59]

I'd prefer `!embedding_origin.IsSameOriginWith(requesting_origin)` here. As
noted down in origin.h, we only added `==` to make test matchers like
`EXPECT_EQ` happy, as they provide helpful output. Given the non-reflexive
behavior, I think it might be confusing for `==` to spread throughout the
codebase.

[Jeffrey Yasskin, 2016/04/06 06:17:15]

Done, thanks for the clear opinion and rationale.

     Send(new BluetoothMsg_RequestDeviceError(
         thread_id, request_id,
-        WebBluetoothError::REQUEST_DEVICE_WITH_UNIQUE_ORIGIN));
+        WebBluetoothError::REQUEST_DEVICE_FROM_CROSS_ORIGIN_IFRAME));
     return;
   }
+  // The above also excludes unique origins, which are not even same-origin with
+  // themselves.
+  DCHECK(!requesting_origin.unique());
 
   DCHECK(adapter_.get());