Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/browser/loader/resource_dispatcher_host_impl.h

Index: content/browser/loader/resource_dispatcher_host_impl.h
diff --git a/content/browser/loader/resource_dispatcher_host_impl.h b/content/browser/loader/resource_dispatcher_host_impl.h
index 339daec4d5d6a909fe8f05f1e134db52e5d8a370..38ee8ede2b7b8107753cb188ff766a0e9d62079f 100644
--- a/content/browser/loader/resource_dispatcher_host_impl.h
+++ b/content/browser/loader/resource_dispatcher_host_impl.h
@@ -107,7 +107,13 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   void SetDelegate(ResourceDispatcherHostDelegate* delegate) override;
   void SetAllowCrossOriginAuthPrompt(bool value) override;
   void ClearLoginDelegateForRequest(net::URLRequest* request) override;
-
+  void AddSchemeForAccessCheck(const std::string& scheme) override;
+  void AddProcessForOrigin(const ResourceContext* context,
+                           const std::string& origin,
+                           int process_id) override;
+  void RemoveProcessForOrigin(const ResourceContext* context,
+                              const std::string& origin,
+                              int process_id) override;
   // Puts the resource dispatcher host in an inactive state (unable to begin
   // new requests).  Cancels all pending requests.
   void Shutdown();
@@ -292,6 +298,12 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
 
   void OnRenderFrameDeleted(const GlobalFrameRoutingId& global_routing_id);
 
+  // Checks whether the child process identified by |child_process_id| is
+  // allowed to access the |origin| and returns true if not.
+  bool IsIllegalOrigin(ResourceContext* context,
+                       const GURL& origin,
+                       int child_process_id);
+
  private:
   friend class ResourceDispatcherHostTest;
 
@@ -325,6 +337,26 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   // Map from ProcessID+RouteID pair to the "most interesting" LoadState.
   typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap;
 
+  // Information about a web origin.
+  struct OriginAccessInfo {
+    // This structure is complicated enough for clang to require the ctors to
+    // be explicitly defined in the cc file.

[jam, 2016/08/02 17:01:46]

now that this is just one set, any reason to keep it around? i.e. why not make
ResourceContextOriginMap be a map from ResourceContext to a std::set<int>?

[ananta, 2016/08/02 22:28:28]

Done.

+    OriginAccessInfo();
+    ~OriginAccessInfo();
+    OriginAccessInfo(const OriginAccessInfo& other);
+
+    std::set<int> allowed_processes;
+  };
+
+  // Map from the origin host (std::string) to its information
+  // (OriginAccessInfo).
+  // This map is per ResourceContext.
+  typedef std::map<std::string, OriginAccessInfo> OriginAccessInfoMap;
+
+  typedef std::map<const ResourceContext*,
+                   std::unique_ptr<OriginAccessInfoMap>>
+      ResourceContextOriginMap;
+
   // ResourceLoaderDelegate implementation:
   ResourceDispatcherHostLoginDelegate* CreateLoginDelegate(
       ResourceLoader* loader,
@@ -537,6 +569,11 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
 
   CertStore* GetCertStore();
 
+  // Returns the OriginAccessInfoMap instance for the |context| passed in. This
+  // map is used to enforce access checks on web requests for some origins.
+  OriginAccessInfoMap* GetOriginAccessMapForResourceContext(
+      const ResourceContext* context);
+
   LoaderMap pending_loaders_;
 
   // Collection of temp files downloaded for child processes via
@@ -631,6 +668,14 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   // outlive this ResourceDispatcherHostImpl.
   CertStore* cert_store_for_testing_;
 
+  // Used to check whether a request to retrieve an origin resource is allowed.
+  // This is only done for origins which are to be checked for access.
+  ResourceContextOriginMap context_origin_access_info_map_;
+
+  // This contains the set of origins we need to enforce access checks on. By
+  // default everything is allowed.
+  std::set<std::string> origins_for_access_check_;
+
   DISALLOW_COPY_AND_ASSIGN(ResourceDispatcherHostImpl);
 };