GeolocationPermissionContext: only use origin from embedder url.

chrome/browser/geolocation/chrome_geolocation_permission_context.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/geolocation/chrome_geolocation_permission_context.h"
 
 #include <functional>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
+#include "base/strings/string_split.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/content_settings/permission_request_id.h"
 #include "chrome/browser/content_settings/tab_specific_content_settings.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_system.h"
 #include "chrome/browser/extensions/suggest_permission_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "chrome/common/extensions/extension.h"
@@ skipping 65 matching lines @@
     // TODO(mpcomplete): the request could be from a background page or
     // extension popup (web_contents will have a different ViewType). But why do
     // we care? Shouldn't we still put an infobar up in the current tab?
     LOG(WARNING) << "Attempt to use geolocation tabless renderer: "
                  << id.ToString()
                  << " (can't prompt user without a visible tab)";
     NotifyPermissionSet(id, requesting_frame, callback, false);
     return;
   }
 
-  GURL embedder = web_contents->GetURL();
+  GURL embedder = web_contents->GetLastCommittedURL();

[bulach, 2013/09/12 16:28:41]

.GetOrigin() ?

[Michael van Ouwerkerk, 2013/09/12 16:50:41]

Much nicer. Done.

   if (!requesting_frame.is_valid() || !embedder.is_valid()) {
     LOG(WARNING) << "Attempt to use geolocation from an invalid URL: "
                  << requesting_frame << "," << embedder
                  << " (geolocation is not supported in popups)";
     NotifyPermissionSet(id, requesting_frame, callback, false);
     return;
   }
 
+  if (embedder.has_ref()) {
+    // The ref (the hash) is not important here, and including it may cause a
+    // comparison failure later because it can change.
+    std::vector<std::string> parts;
+    base::SplitString(embedder.spec(), '#', &parts);
+    embedder = GURL(parts[0]);
+  }

[bulach, 2013/09/12 16:28:41]

see above, I think we should just use .GetOrigin() (I think we do that for the
requesting_frame at some level, right?)

[Michael van Ouwerkerk, 2013/09/12 16:50:41]

Done.

+
   DecidePermission(id, requesting_frame, embedder, callback);
 }
 
 void ChromeGeolocationPermissionContext::CancelGeolocationPermissionRequest(
     int render_process_id,
     int render_view_id,
     int bridge_id,
     const GURL& requesting_frame) {
   CancelPendingInfoBarRequest(PermissionRequestID(
       render_process_id, render_view_id, bridge_id));
@@ skipping 84 matching lines @@
         base::Bind(
             &ChromeGeolocationPermissionContext::CancelPendingInfoBarRequest,
             this, id));
      return;
   }
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   if (shutting_down_)
     return;
   QueueController()->CancelInfoBarRequest(id);
 }