Set 'ResourceRequest::requestorOrigin' in Blink for more request types.

third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 180 matching lines @@
 
     if (frame()->loader().loadType() == FrameLoadTypeReload)
         request.clearHTTPHeaderField("Save-Data");
 
     if (frame()->settings() && frame()->settings()->dataSaverEnabled())
         request.setHTTPHeaderField("Save-Data", "on");
 
     frame()->loader().applyUserAgent(request);
 }
 
-void FrameFetchContext::setFirstPartyForCookies(ResourceRequest& request)
-{
-    if (frame()->tree().top()->isLocalFrame())
-        request.setFirstPartyForCookies(toLocalFrame(frame()->tree().top())->document()->firstPartyForCookies());
-}
-
 CachePolicy FrameFetchContext::getCachePolicy() const
 {
     if (m_document && m_document->loadEventFinished())
         return CachePolicyVerify;
 
     FrameLoadType loadType = frame()->loader().loadType();
     if (loadType == FrameLoadTypeReloadBypassingCache)
         return CachePolicyReload;
 
     Frame* parentFrame = frame()->tree().parent();
@@ skipping 524 matching lines @@
 void FrameFetchContext::addCSPHeaderIfNecessary(Resource::Type type, FetchRequest& fetchRequest)
 {
     if (!m_document)
         return;
 
     const ContentSecurityPolicy* csp = m_document->contentSecurityPolicy();
     if (csp->shouldSendCSPHeader(type))
         fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active");
 }
 
+void FrameFetchContext::populateRequestData(ResourceRequest& request)
+{
+    if (!m_document)
+        return;
+
+    if (request.firstPartyForCookies().isNull()) {
+        request.setFirstPartyForCookies(m_document
+            ? m_document->firstPartyForCookies()
+            : SecurityOrigin::urlWithUniqueSecurityOrigin());
+    }
+
+    // Subresource requests inherit their requestor origin from |m_document| directly.
+    // Top-level and nested frame types are taken care of in 'FrameLoadRequest()'.
+    // Auxiliary frame types in 'createWindow()' and 'FrameLoader::load'.
+    if (request.frameType() == WebURLRequest::FrameTypeNone && !request.requestorOrigin()) {
+        request.setRequestorOrigin(m_document->isSandboxed(SandboxOrigin)
+            ? SecurityOrigin::create(m_document->url())
+            : m_document->getSecurityOrigin());
+    }
+}
+
 MHTMLArchive* FrameFetchContext::archive() const
 {
     ASSERT(!isMainFrame());
     // TODO(nasko): How should this work with OOPIF?
     // The MHTMLArchive is parsed as a whole, but can be constructed from
     // frames in mutliple processes. In that case, which process should parse
     // it and how should the output be spread back across multiple processes?
     if (!frame()->tree().parent()->isLocalFrame())
         return nullptr;
     return toLocalFrame(frame()->tree().parent())->loader().documentLoader()->fetcher()->archive();
@@ skipping 33 matching lines @@
 }
 
 DEFINE_TRACE(FrameFetchContext)
 {
     visitor->trace(m_document);
     visitor->trace(m_documentLoader);
     FetchContext::trace(visitor);
 }
 
 } // namespace blink