Add an identity component for unique/opaque url::Origins.

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp

 /*
  * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 133 matching lines @@
     m_port = InvalidPort;
 
   // By default, only local SecurityOrigins can load local resources.
   m_canLoadLocalResources = isLocal();
 }
 
 SecurityOrigin::SecurityOrigin()
     : m_protocol(emptyString),
       m_host(emptyString),
       m_domain(emptyString),
+      m_uniqueID(base::UnguessableToken::Create()),
       m_port(InvalidPort),
       m_effectivePort(InvalidPort),
       m_isUnique(true),
       m_universalAccess(false),
       m_domainWasSetInDOM(false),
       m_canLoadLocalResources(false),
       m_blockLocalAccessFromLocalOrigin(false),
       m_isUniqueOriginPotentiallyTrustworthy(false) {}
 
 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
     : m_protocol(other->m_protocol.isolatedCopy()),
       m_host(other->m_host.isolatedCopy()),
       m_domain(other->m_domain.isolatedCopy()),
       m_suborigin(other->m_suborigin),
+      m_uniqueID(other->m_uniqueID),
       m_port(other->m_port),
       m_effectivePort(other->m_effectivePort),
       m_isUnique(other->m_isUnique),
       m_universalAccess(other->m_universalAccess),
       m_domainWasSetInDOM(other->m_domainWasSetInDOM),
       m_canLoadLocalResources(other->m_canLoadLocalResources),
       m_blockLocalAccessFromLocalOrigin(
           other->m_blockLocalAccessFromLocalOrigin),
       m_isUniqueOriginPotentiallyTrustworthy(
           other->m_isUniqueOriginPotentiallyTrustworthy) {}
@@ skipping 43 matching lines @@
   return false;
 }
 
 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const {
   if (m_universalAccess)
     return true;
 
   if (this == other)
     return true;
 
-  if (isUnique() || other->isUnique())
-    return false;
+  if (isUnique() || other->isUnique()) {
+    return isUnique() && other->isUnique() ? m_uniqueID == other->m_uniqueID
+                                           : false;
+  }
 
   // document.domain handling, as per
   // https://html.spec.whatwg.org/multipage/browsers.html#dom-document-domain:
   //
   // 1) Neither document has set document.domain. In this case, we insist
   //    that the scheme, host, and port of the URLs match.
   //
   // 2) Both documents have set document.domain. In this case, we insist
   //    that the documents have set document.domain to the same value and
   //    that the scheme of the URLs match. Ports do not need to match.
@@ skipping 375 matching lines @@
         utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost);
   } else {
     *success = url::CanonicalizeHost(host.characters16(),
                                      url::Component(0, host.length()),
                                      &canonOutput, &outHost);
   }
   return String::fromUTF8(canonOutput.data(), canonOutput.length());
 }
 
 }  // namespace blink