Special-case LocalDOMWindow for same-origin access in bindings.

third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
index 6b679a57f3e3e10725c1cea619cb7e9b917c8fd5..516ef4dff5498d95b703de67ff7f23e7350fcaca 100644
--- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
@@ -216,10 +216,12 @@ bool BindingSecurity::shouldAllowAccessToDetachedWindow(
   CHECK(target && !target->frame())
       << "This version of shouldAllowAccessToFrame() must be used only for "
       << "detached windows.";
-  if (!target->document())
+  if (!target->isLocalDOMWindow())
     return false;
-  return canAccessFrame(accessingWindow,
-                        target->document()->getSecurityOrigin(), target,
+  Document* document = toLocalDOMWindow(target)->document();

[dcheng, 2017/02/01 07:22:59]

I am considering moving SecurityContext to DOMWindow, but it doesn't seem like
it will gain us much either. Either way, I'll investigate in a followup.

+  if (!document)
+    return false;
+  return canAccessFrame(accessingWindow, document->getSecurityOrigin(), target,
                         exceptionState);
 }