Stop initializing url::Origin in extensions OnBeforeURLRequest when not needed

chrome/browser/net/chrome_extensions_network_delegate.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/chrome_extensions_network_delegate.h"
 
 #include <stdint.h>
 
 #include "base/macros.h"
 #include "extensions/features/features.h"
@@ skipping 155 matching lines @@
     net::URLRequest* request) {
   ForwardRequestStatus(REQUEST_DONE, request, profile_);
 }
 
 int ChromeExtensionsNetworkDelegateImpl::OnBeforeURLRequest(
     net::URLRequest* request,
     const net::CompletionCallback& callback,
     GURL* new_url) {
   const content::ResourceRequestInfo* info =
       content::ResourceRequestInfo::ForRequest(request);
-  GURL url(request->url());
+  const GURL& url(request->url());
 
   // Block top-level navigations to blob: or filesystem: URLs with extension
   // origin from non-extension processes.  See https://crbug.com/645028.
   //
   // TODO(alexmos): This check is redundant with the one in
   // ExtensionNavigationThrottle::WillStartRequest, which was introduced in
   // M56. This check is reintroduced temporarily to tighten this blocking for
   // apps with a "webview" permission on M55/54 (see https://crbug.com/656752).
   // It will be removed after it's merged.  Unlike the check in
   // ExtensionNavigationThrottle, this check is incompatible with PlzNavigate
   // and is disabled for that mode.
   bool is_nested_url = url.SchemeIsFileSystem() || url.SchemeIsBlob();
   bool is_navigation =
       info && content::IsResourceTypeFrame(info->GetResourceType());
-  url::Origin origin(url);
-  if (is_nested_url && is_navigation && info->IsMainFrame() &&
-      origin.scheme() == extensions::kExtensionScheme &&
-      !extension_info_map_->process_map().Contains(info->GetChildID()) &&
-      !content::IsBrowserSideNavigationEnabled()) {
-    // Relax this restriction for apps that use <webview>.  See
-    // https://crbug.com/652077.
-    const extensions::Extension* extension =
-        extension_info_map_->extensions().GetByID(origin.host());
-    bool has_webview_permission =
-        extension &&
-        extension->permissions_data()->HasAPIPermission(
-            extensions::APIPermission::kWebView);
-    // Check whether the request is coming from a <webview> guest process via
-    // ChildProcessSecurityPolicy.  A guest process should have already been
-    // granted permission to request |origin| when its WebContents was created.
-    // See https://crbug.com/656752.
-    auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
-    bool from_guest =
-        policy->HasSpecificPermissionForOrigin(info->GetChildID(), origin);
-    if (!has_webview_permission || !from_guest) {
-      // TODO(alexmos): Temporary instrumentation to find any regressions for
-      // this blocking.  Remove after verifying that this is not breaking any
-      // legitimate use cases.
-      char origin_copy[256];
-      base::strlcpy(origin_copy, origin.Serialize().c_str(),
-                    arraysize(origin_copy));
-      base::debug::Alias(&origin_copy);
-      base::debug::Alias(&from_guest);
-      base::debug::DumpWithoutCrashing();
-      return net::ERR_ABORTED;
+  if (is_nested_url && is_navigation && info->IsMainFrame()) {
+    // Nested conditional so we don't always pay the GURL -> Origin conversion.
+    url::Origin origin = url::Origin(url);
+    if (origin.scheme() == extensions::kExtensionScheme &&
+        !extension_info_map_->process_map().Contains(info->GetChildID()) &&
+        !content::IsBrowserSideNavigationEnabled()) {
+      // Relax this restriction for apps that use <webview>.  See
+      // https://crbug.com/652077.
+      const extensions::Extension* extension =
+          extension_info_map_->extensions().GetByID(origin.host());
+      bool has_webview_permission =
+          extension &&
+          extension->permissions_data()->HasAPIPermission(
+              extensions::APIPermission::kWebView);
+      // Check whether the request is coming from a <webview> guest process via
+      // ChildProcessSecurityPolicy.  A guest process should have already been
+      // granted permission to request |origin| when its WebContents was
+      // created. See https://crbug.com/656752.
+      auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
+      bool from_guest =
+          policy->HasSpecificPermissionForOrigin(info->GetChildID(), origin);
+      if (!has_webview_permission || !from_guest) {
+        // TODO(alexmos): Temporary instrumentation to find any regressions for
+        // this blocking.  Remove after verifying that this is not breaking any
+        // legitimate use cases.
+        char origin_copy[256];
+        base::strlcpy(origin_copy, origin.Serialize().c_str(),
+                      arraysize(origin_copy));
+        base::debug::Alias(&origin_copy);
+        base::debug::Alias(&from_guest);
+        base::debug::DumpWithoutCrashing();
+        return net::ERR_ABORTED;
+      }
     }
   }
 
   return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(
       profile_, extension_info_map_.get(), request, callback, new_url);
 }
 
 int ChromeExtensionsNetworkDelegateImpl::OnBeforeStartTransaction(
     net::URLRequest* request,
     const net::CompletionCallback& callback,
@@ skipping 169 matching lines @@
 }
 
 net::NetworkDelegate::AuthRequiredResponse
 ChromeExtensionsNetworkDelegate::OnAuthRequired(
     net::URLRequest* request,
     const net::AuthChallengeInfo& auth_info,
     const AuthCallback& callback,
     net::AuthCredentials* credentials) {
   return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 }