Index: third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
index d7c0ccb1c6342a0800288451fa01992ed5f4c2aa..f32b4f960f33ae02a0145b2b122959cfba922934 100644 |
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
@@ -151,6 +151,7 @@ SecurityOrigin::SecurityOrigin() |
: m_protocol(emptyString), |
m_host(emptyString), |
m_domain(emptyString), |
+ m_uniqueID(base::UnguessableToken::Create()), |
m_port(InvalidPort), |
m_effectivePort(InvalidPort), |
m_isUnique(true), |
@@ -165,6 +166,7 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) |
m_host(other->m_host.isolatedCopy()), |
m_domain(other->m_domain.isolatedCopy()), |
m_suborigin(other->m_suborigin), |
+ m_uniqueID(other->m_uniqueID), |
m_port(other->m_port), |
m_effectivePort(other->m_effectivePort), |
m_isUnique(other->m_isUnique), |
@@ -228,8 +230,10 @@ bool SecurityOrigin::canAccess(const SecurityOrigin* other) const { |
if (this == other) |
return true; |
- if (isUnique() || other->isUnique()) |
- return false; |
+ if (isUnique() || other->isUnique()) { |
+ return isUnique() && other->isUnique() ? m_uniqueID == other->m_uniqueID |
+ : false; |
+ } |
// document.domain handling, as per |
// https://html.spec.whatwg.org/multipage/browsers.html#dom-document-domain: |