Allow CrossSiteDocumentClassifier to operate on Origins

content/child/site_isolation_stats_gatherer.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/site_isolation_stats_gatherer.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include "base/macros.h"
@@ skipping 108 matching lines @@
   // See if this is for navigation. If it is, don't block it, under the
   // assumption that we will put it in an appropriate process.
   if (IsResourceTypeFrame(resource_type))
     return nullptr;
 
   if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url))
     return nullptr;
 
   // TODO(csharrison): Add a path for IsSameSite/IsValidCorsHeaderSet to take an
   // Origin.
-  GURL frame_origin_url = frame_origin.GetURL();
-  if (CrossSiteDocumentClassifier::IsSameSite(frame_origin_url, response_url))
+  if (CrossSiteDocumentClassifier::IsSameSite(frame_origin, response_url))
     return nullptr;
 
   CrossSiteDocumentMimeType canonical_mime_type =
       CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type);
 
   if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS)
     return nullptr;
 
   // Every CORS request should have the Access-Control-Allow-Origin header even
   // if it is preceded by a pre-flight request. Therefore, if this is a CORS
   // request, it has this header.  response.httpHeaderField() internally uses
   // case-insensitive matching for the header name.
   std::string access_control_origin;
 
   // We can use a case-insensitive header name for EnumerateHeader().
   info.headers->EnumerateHeader(NULL, "access-control-allow-origin",
                                 &access_control_origin);
   if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet(
-          frame_origin_url, response_url, access_control_origin))
+          frame_origin, response_url, access_control_origin)) {
     return nullptr;
+  }
 
   // Real XSD data collection starts from here.
   std::string no_sniff;
   info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff);
 
   std::unique_ptr<SiteIsolationResponseMetaData> resp_data(
       new SiteIsolationResponseMetaData);
-  resp_data->frame_origin = frame_origin_url.spec();
   resp_data->response_url = response_url;
   resp_data->resource_type = resource_type;
   resp_data->canonical_mime_type = canonical_mime_type;
   resp_data->http_status_code = info.headers->response_code();
   resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff");
 
   return resp_data;
 }
 
 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk(
@@ skipping 86 matching lines @@
 }
 
 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) {
   // The purpose of this function is to try to see if there's any possibility
   // that this data can be JavaScript (superset of JS). Search for "var " for JS
   // detection. This is a real hack and should only be used for stats gathering.
   return data.find("var ") != base::StringPiece::npos;
 }
 
 }  // namespace content