Set 'ResourceRequest::requestorOrigin' in Blink.

third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Index: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
index 7838ecc56c0258ad735f9755e53c7803e841bc2c..b8d4946be8cbadb94f4ebb1b8c96f0426be17503 100644
--- a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
@@ -748,6 +748,21 @@ void FrameFetchContext::addCSPHeaderIfNecessary(Resource::Type type, FetchReques
         fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active");
 }
 
+void FrameFetchContext::populateRequestData(ResourceRequest& request)
+{
+    if (!m_document)
+        return;
+
+    // Subresource requests inherit their requestor origin from |m_document| directly.
+    // Top-level and nested frame types are taken care of in 'FrameLoadRequest()'.
+    // Auxiliary frame types in 'createWindow()' and 'FrameLoader::load'.
+    if (request.frameType() == WebURLRequest::FrameTypeNone && !request.requestorOrigin()) {
+        request.setRequestorOrigin(m_document->getSecurityOrigin());
+        if (m_document->getSecurityOrigin()->isUnique())
+            request.setRequestorOrigin(SecurityOrigin::create(m_document->url()));

[nasko, 2016/07/18 23:34:43]

I don't grok Blink as well, but if the document origin is unique, shouldn't we
be setting it to SecurityOrigin::createUnique()?

+    }
+}
+
 MHTMLArchive* FrameFetchContext::archive() const
 {
     ASSERT(!isMainFrame());