Add a check for mismatching URL and origin in the renderer process.

content/renderer/render_frame_impl.cc

Index: content/renderer/render_frame_impl.cc
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 1ababbbe32c6b05884bfe936730cea01f86bd89b..0257039a662cf8a0b4703838420cfe32822bcb2c 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -4772,6 +4772,13 @@ void RenderFrameImpl::SendDidCommitProvisionalLoad(
     render_view_->SetZoomLevel(render_view_->page_zoom_level());
   }
 
+  // Standard URLs must match the reported origin, when it is not unique.
+  if (params.url.IsStandard() && !params.origin.unique() &&
+      render_view_->GetWebkitPreferences().web_security_enabled) {

[Charlie Reis, 2016/07/15 20:33:17]

Ah, good point.  We'll need to skip the check for file URLs when
prefs.allow_universal_access_from_file_urls is true, too, or we'll get a bunch
of Android WebView crash reports.  

We're basically encoding RFHI::CanCommitOrigin into here, but I think I'm ok
with that.  Maybe put a reference to that method in the comment above?

[nasko, 2016/07/15 20:56:31]

Such check added. However, all tests passed before I added it, so it indicates
that we probably have no test coverage for this :(.
 
Done. Yeah, it isn't nice, but we need it to at least diagnose the kills. We can
decide whether we want to keep it longer term later on.

+    CHECK(params.origin.IsSameOriginWith(url::Origin(params.url)))
+        << " url:" << params.url << " origin:" << params.origin;
+  }
+
   // This message needs to be sent before any of allowScripts(),
   // allowImages(), allowPlugins() is called for the new page, so that when
   // these functions send a ViewHostMsg_ContentBlocked message, it arrives