Service worker bypass for resource requests from suborigins

third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

Index: third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
diff --git a/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp b/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
index 5ff0d0d3861a31c60532f733a76016d704734229..f1e4e28f0305003bfa5358121f0388d2476a9067 100644
--- a/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
+++ b/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
@@ -1032,6 +1032,14 @@ bool ResourceFetcher::startLoad(Resource* resource)
     ResourceRequest request(resource->resourceRequest());
     willSendRequest(resource->identifier(), request, ResourceResponse(), resource->options());
 
+    // Resource requests from suborigins should not be intercepted by the
+    // service worker of the physical origin. This has the effect that, for
+    // now, suborigins do not work with service workers. See
+    // https://w3c.github.io/webappsec-suborigins/.
+    SecurityOrigin* sourceOrigin = context().getSecurityOrigin();
+    if (sourceOrigin && sourceOrigin->hasSuborigin())
+        request.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All);
+
     ResourceLoader* loader = ResourceLoader::create(this, resource);
     if (resource->shouldBlockLoadEvent())
         m_loaders.add(loader);
@@ -1039,7 +1047,7 @@ bool ResourceFetcher::startLoad(Resource* resource)
         m_nonBlockingLoaders.add(loader);
 
     storeResourceTimingInitiatorInformation(resource);
-    resource->setFetcherSecurityOrigin(context().getSecurityOrigin());
+    resource->setFetcherSecurityOrigin(sourceOrigin);
     loader->start(request, context().loadingTaskRunner(), context().defersLoading());
     return true;
 }