
Unified Diff: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Issue 2474943002: doc.write intervention warning message changed to replace cross-origin with cross site (etdl+1) (Closed)
Patch Set: Added the histogram for same site with different scheme. Created 4 years, 1 month ago
Index: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
index 674c7b563a7d2e1bad1a90bd4378bcf1bae9137b..073344ca3e0e19b236c000647af2d8c1803064e4 100644
--- a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
@@ -82,11 +82,12 @@ namespace blink {
namespace {
void emitWarningForDocWriteScripts(const String& url, Document& document) {
- String message = "A Parser-blocking, cross-origin script, " + url +
- ", is invoked via document.write. This may be blocked by "
- "the browser if the device has poor network connectivity. "
- "See https://www.chromestatus.com/feature/5718547946799104 "
- "for more details.";
+ String message =
+ "A Parser-blocking, cross site (i.e. different eTLD+1) script, " + url +
jkarlin 2016/11/29 16:19:12 s/cross site/cross-site/
shivanisha 2016/12/06 18:18:08 done
+ ", is invoked via document.write. This may be blocked by "
+ "the browser if the device has poor network connectivity. "
+ "See https://www.chromestatus.com/feature/5718547946799104 "
+ "for more details.";
document.addConsoleMessage(
ConsoleMessage::create(JSMessageSource, WarningMessageLevel, message));
WTFLogAlways("%s", message.utf8().data());
@@ -135,8 +136,10 @@ bool shouldDisallowFetchForMainFrameScript(ResourceRequest& request,
// are likely to be third party content.
String requestHost = request.url().host();
String documentHost = document.getSecurityOrigin()->domain();
+
+ bool sameSite = false;
if (requestHost == documentHost)
- return false;
+ sameSite = true;
// If the hosts didn't match, then see if the domains match. For example, if
// a script is served from static.example.com for a document served from
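Review bot: With the early `return false` replaced by a flag, the host-equal case now falls through into the registrable-domain comparison further down, so that lookup still runs when the answer is already known. The flag could be initialised directly as `bool sameSite = requestHost == documentHost;`, and the domain comparison below guarded with `if (!sameSite)`. The body of shouldDisallowFetchForMainFrameScript continues outside this hunk, so the guard would have to be placed where the domains are computed.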
@@ -150,7 +153,21 @@ bool shouldDisallowFetchForMainFrameScript(ResourceRequest& request,
// get non-empty results back from getDomainAndRegistry.
if (!requestDomain.isEmpty() && !documentDomain.isEmpty() &&
requestDomain == documentDomain)
+ sameSite = true;
+
+ if (sameSite) {
+ // This histogram is introduced to help decide whether we should also check
+ // same scheme while deciding not to block the script as is done in other
jkarlin 2016/11/29 16:19:12 s/deciding not to block/deciding whether or not to
shivanisha 2016/12/06 18:18:08 done.
+ // cases of "same site" usage. On the other hand we do not want to block the
+ // scripts very aggressively causing page breaks. Thus, will see the counts
jkarlin 2016/11/29 16:19:12 s/the scripts very aggressively causing page break
jkarlin 2016/11/29 16:19:12 Final sentence can go, that's made clear from the
shivanisha 2016/12/06 18:18:08 Done
+ // before deciding.
+ if (request.url().protocol() != document.getSecurityOrigin()->protocol()) {
+ document.loader()->didObserveLoadingBehavior(
+ WebLoadingBehaviorFlag::
+ WebLoadingBehaviorDocumentWriteBlockDifferentScheme);
+ }
return false;
+ }
emitWarningForDocWriteScripts(request.url().getString(), document);
request.setHTTPHeaderField("Intervention",
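Review bot: The new `document.loader()->didObserveLoadingBehavior(...)` call dereferences the loader without a check; if `loader()` can return null on this path (for example for a document with no frame), this would crash in code whose only job is recording a metric. A guarded form such as `if (DocumentLoader* loader = document.loader())` followed by `loader->didObserveLoadingBehavior(...)` keeps the metric best-effort. Separately, the comment could say explicitly that a same-site script loaded over a different scheme (such as http on an https document) is still exempt from the intervention here and is only counted, so a reader does not assume the scheme is already part of the same-site decision. The function starts and ends outside this hunk.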
