Updated suborigin serialization to latest spec proposal

content/browser/child_process_security_policy_impl.cc

Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 652a7ac175420cba631376bba186834094a5d1f8..4fe230aea4fc4cb9407dc64bb93135921c486278 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -308,6 +308,8 @@ ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
   RegisterPseudoScheme(url::kAboutScheme);
   RegisterPseudoScheme(url::kJavaScriptScheme);
   RegisterPseudoScheme(kViewSourceScheme);
+  RegisterPseudoScheme(kHttpSuboriginScheme);

[nasko, 2016/09/22 23:53:42]

I'll poke at this tomorrow, but now that we have a special method to check for
valid origin header, do we need it to be registered at all here?

[jww, 2016/09/23 04:12:44]

Fair question. My impression was that all schemes that are "used" by Chrome, but
are not web-safe, are registered as pseudo-schemes. That is, looking at the
comment before pseduo_schemes_ in child_process_security_policy_impl.h:

// These schemes do not actually represent retrievable URLs.  For example,
// the the URLs in the "about" scheme are aliases to other URLs.  This set is
// protected by |lock_|.

Which, to me, sounds like suborigin schemes.

[nasko, 2016/09/23 21:59:48]

Yeah, I poked around a bit and indeed it is a good idea to add it to the
PseudoScheme set. 

+  RegisterPseudoScheme(kHttpsSuboriginScheme);
 }
 
 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
@@ -617,6 +619,19 @@ bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
   }
 }
 
+bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id,
+                                                          const GURL& url) {
+  if (!url.is_valid())
+    return false;  // Can't set invalid URLs as origin headers.
+
+  // Suborigin URLs are a special case and are allowed to be an origin header.
+  if (IsPseudoScheme(url.scheme()) && (url.scheme() == kHttpSuboriginScheme ||

[nasko, 2016/09/23 21:59:47]

You technically don't need the IsPseudoScheme check here, as it is guaranteed to
return true given we added it in the constructor. Maybe just DCHECK inside the
if statement body that it returns true for either of those two.

Also, multiline if statements should use {}.

[jww, 2016/09/23 22:52:27]

Done.

+                                       url.scheme() == kHttpsSuboriginScheme))
+    return true;
+
+  return CanCommitURL(child_id, url);
+}
+
 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
                                                  const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);