Remove WebFrame::canHaveSecureChild

content/child/service_worker/service_worker_network_provider.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/service_worker/service_worker_network_provider.h"
 
 #include "base/atomic_sequence_num.h"
 #include "content/child/child_thread_impl.h"
 #include "content/child/service_worker/service_worker_provider_context.h"
 #include "content/common/navigation_params.h"
 #include "content/common/service_worker/service_worker_messages.h"
 #include "content/common/service_worker/service_worker_utils.h"
 #include "content/public/common/browser_side_navigation_policy.h"
+#include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebSandboxFlags.h"
 
 namespace content {
 
 namespace {
 
 const char kUserDataKey[] = "SWProviderKey";
 
 // Must be unique in the child process.
 int GetNextProviderId() {
   static base::StaticAtomicSequenceNumber sequence;
   return sequence.GetNext();  // We start at zero.
 }
 
+// Returns whether it's possible for a document whose frame is a descendant of
+// |frame| to be a secure context, not considering scheme exceptions (since any
+// document can be a secure context if it has a scheme exception). See
+// Document::isSecureContextImpl for more details.
+bool IsFrameSecure(blink::WebFrame* frame) {
+  while (frame) {
+    if (!frame->getSecurityOrigin().isPotentiallyTrustworthy())
+      return false;
+    frame = frame->parent();
+  }
+  return true;
+}
+
 }  // namespace
 
 void ServiceWorkerNetworkProvider::AttachToDocumentState(
     base::SupportsUserData* datasource_userdata,
     std::unique_ptr<ServiceWorkerNetworkProvider> network_provider) {
   datasource_userdata->SetUserData(&kUserDataKey, network_provider.release());
 }
 
 ServiceWorkerNetworkProvider* ServiceWorkerNetworkProvider::FromDocumentState(
     base::SupportsUserData* datasource_userdata) {
@@ skipping 32 matching lines @@
          blink::WebSandboxFlags::Origin);
   }
 
   // Now create the ServiceWorkerNetworkProvider (with invalid id if needed).
   if (should_create_provider_for_window) {
     // Ideally Document::isSecureContext would be called here, but the document
     // is not created yet, and due to redirects the URL may change. So pass
     // is_parent_frame_secure to the browser process, so it can determine the
     // context security when deciding whether to allow a service worker to
     // control the document.
-    bool is_parent_frame_secure =
-        !frame->parent() || frame->parent()->canHaveSecureChild();
+    const bool is_parent_frame_secure = IsFrameSecure(frame->parent());
 
     if (service_worker_provider_id == kInvalidServiceWorkerProviderId) {
       network_provider = std::unique_ptr<ServiceWorkerNetworkProvider>(
           new ServiceWorkerNetworkProvider(route_id,
                                            SERVICE_WORKER_PROVIDER_FOR_WINDOW,
                                            is_parent_frame_secure));
     } else {
       CHECK(browser_side_navigation);
       DCHECK(ServiceWorkerUtils::IsBrowserAssignedProviderId(
           service_worker_provider_id));
@@ skipping 54 matching lines @@
     return;  // May be null in some tests.
   ChildThreadImpl::current()->Send(
       new ServiceWorkerHostMsg_SetVersionId(provider_id_, version_id));
 }
 
 bool ServiceWorkerNetworkProvider::IsControlledByServiceWorker() const {
   return context() && context()->controller();
 }
 
 }  // namespace content