Clean up SecurityOrigin handling around CrossOriginAccessControl::handleRedirect()

third_party/WebKit/Source/platform/network/ResourceRequest.cpp

 /*
  * Copyright (C) 2003, 2006 Apple Computer, Inc.  All rights reserved.
  * Copyright (C) 2009, 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ skipping 235 matching lines @@
     m_didSetHTTPReferrer = true;
 }
 
 void ResourceRequest::clearHTTPReferrer()
 {
     m_httpHeaderFields.remove(HTTPNames::Referer);
     m_referrerPolicy = ReferrerPolicyDefault;
     m_didSetHTTPReferrer = false;
 }
 
-void ResourceRequest::setHTTPOrigin(PassRefPtr<SecurityOrigin> origin)
+void ResourceRequest::setHTTPOrigin(const SecurityOrigin* origin)
 {
     setHTTPHeaderField(HTTPNames::Origin, origin->toAtomicString());
     if (origin->hasSuborigin())
         setHTTPHeaderField(HTTPNames::Suborigin, AtomicString(origin->suborigin()->name()));
 }
 
 void ResourceRequest::clearHTTPOrigin()
 {
     m_httpHeaderFields.remove(HTTPNames::Origin);
     m_httpHeaderFields.remove(HTTPNames::Suborigin);
 }
 
-void ResourceRequest::addHTTPOriginIfNeeded(PassRefPtr<SecurityOrigin> origin)
+void ResourceRequest::addHTTPOriginIfNeeded(const SecurityOrigin* origin)
 {
     if (!httpOrigin().isEmpty())
         return; // Request already has an Origin header.
 
     // Don't send an Origin header for GET or HEAD to avoid privacy issues.
     // For example, if an intranet page has a hyperlink to an external web
     // site, we don't want to include the Origin of the request because it
     // will leak the internal host name. Similar privacy concerns have lead
     // to the widespread suppression of the Referer header at the network
     // layer.
     if (httpMethod() == HTTPNames::GET || httpMethod() == HTTPNames::HEAD)
         return;
 
     // For non-GET and non-HEAD methods, always send an Origin header so the
     // server knows we support this feature.
 
     AtomicString originString = origin->toAtomicString();
     if (originString.isEmpty()) {
         // If we don't know what origin header to attach, we attach the value
         // for an empty origin.
-        setHTTPOrigin(SecurityOrigin::createUnique());
+        setHTTPOrigin(SecurityOrigin::createUnique().get());
         return;
     }
     setHTTPOrigin(origin);
 }
 
 void ResourceRequest::clearHTTPUserAgent()
 {
     m_httpHeaderFields.remove(HTTPNames::User_Agent);
 }
 
@@ skipping 144 matching lines @@
     m_didSetHTTPReferrer = false;
     m_checkForBrowserSideNavigation = true;
     m_uiStartTime = 0;
     m_isExternalRequest = false;
     m_inputPerfMetricReportPolicy = InputToLoadPerfMetricReportPolicy::NoReport;
     m_redirectStatus = RedirectStatus::NoRedirect;
     m_requestorOrigin = SecurityOrigin::createUnique();
 }
 
 } // namespace blink