fix service worker cross-origin problem in multibuffers

media/blink/resource_multibuffer_data_provider.cc

Index: media/blink/resource_multibuffer_data_provider.cc
diff --git a/media/blink/resource_multibuffer_data_provider.cc b/media/blink/resource_multibuffer_data_provider.cc
index 0acae612b9d2deeaacd1920a965d609ac91a74d8..fa29d9efe713ee7eb2972b847f2c40c1d1c1f5a7 100644
--- a/media/blink/resource_multibuffer_data_provider.cc
+++ b/media/blink/resource_multibuffer_data_provider.cc
@@ -312,6 +312,14 @@ void ResourceMultiBufferDataProvider::didReceiveResponse(
     // cause clients to start using the new UrlData.
     old_url_data->RedirectTo(destination_url_data);
   }
+
+  // This test is vital for security!

[DaleCurtis, 2016/05/10 00:16:08]

Needs unit test too then; did we lose a test from the BufferedDataSource suite?

[hubbe, 2016/05/10 22:33:23]

Turns out we missed one test (added after fork), and some of the tests were not
working as they should, fixed now.

+  const GURL& original_url = response.wasFetchedViaServiceWorker()
+                                 ? response.originalURLViaServiceWorker()
+                                 : response.url();
+  if (!url_data_->ValidateDataOrigin(original_url.GetOrigin())) {
+    url_data_->Fail();
+  }
 }
 
 void ResourceMultiBufferDataProvider::didReceiveData(WebURLLoader* loader,