Allow CrossSiteDocumentClassifier to operate on Origins

content/common/cross_site_document_classifier.cc

Index: content/common/cross_site_document_classifier.cc
diff --git a/content/common/cross_site_document_classifier.cc b/content/common/cross_site_document_classifier.cc
index cc87c08d4b0b4e3da3307ebe3a1822582cda9455..7e2522e4f35ed32145fd7b497a0f1ea30f8c7b99 100644
--- a/content/common/cross_site_document_classifier.cc
+++ b/content/common/cross_site_document_classifier.cc
@@ -82,9 +82,9 @@ bool CrossSiteDocumentClassifier::IsBlockableScheme(const GURL& url) {
   return url.SchemeIs(url::kHttpScheme) || url.SchemeIs(url::kHttpsScheme);
 }
 
-bool CrossSiteDocumentClassifier::IsSameSite(const GURL& frame_origin,
+bool CrossSiteDocumentClassifier::IsSameSite(const url::Origin& frame_origin,
                                              const GURL& response_url) {
-  if (!frame_origin.is_valid() || !response_url.is_valid())
+  if (frame_origin.unique() || !response_url.is_valid())
     return false;
 
   if (frame_origin.scheme() != response_url.scheme())
@@ -93,7 +93,7 @@ bool CrossSiteDocumentClassifier::IsSameSite(const GURL& frame_origin,
   // SameDomainOrHost() extracts the effective domains (public suffix plus one)
   // from the two URLs and compare them.
   return net::registry_controlled_domains::SameDomainOrHost(
-      frame_origin, response_url,
+      response_url, frame_origin,
       net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
 }
 
@@ -102,7 +102,7 @@ bool CrossSiteDocumentClassifier::IsSameSite(const GURL& frame_origin,
 // when frame is sub.a.com and it is not allowed to access a document
 // with sub1.a.com. But under Site Isolation, it's allowed.
 bool CrossSiteDocumentClassifier::IsValidCorsHeaderSet(
-    const GURL& frame_origin,
+    const url::Origin& frame_origin,
     const GURL& website_origin,
     const std::string& access_control_origin) {
   // Many websites are sending back "\"*\"" instead of "*". This is