Merge SecurityOrigin::canAccessCheckSuborigins into canAccess

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h

 /*
  * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 84 matching lines @@
 
   // Returns true if a given URL is secure, based either directly on its
   // own protocol, or, when relevant, on the protocol of its "inner URL"
   // Protocols like blob: and filesystem: fall into this latter category.
   static bool isSecure(const KURL&);
 
   // Returns true if this SecurityOrigin can script objects in the given
   // SecurityOrigin. For example, call this function before allowing
   // script from one security origin to read or write objects from
   // another SecurityOrigin.
+  //
+  // This takes suborigins into account.
   bool canAccess(const SecurityOrigin*) const;
 
-  // Same as canAccess, except that it adds an additional check to make sure
-  // that the SecurityOrigins have the same suborigin name. If you're not
-  // familiar with Suborigins, you probably want canAccess() for now.
-  // Suborigins is a spec in progress, and where it should be enforced is
-  // still in flux. See https://crbug.com/336894 for more details.
-  //
-  // TODO(jww): Once the Suborigin spec has become more settled, and we are
-  // confident in the correctness of our implementation, canAccess should be
-  // made to check the suborigin and this should be turned into
-  // canAccessBypassSuborigin check, which should be the exceptional case.
-  bool canAccessCheckSuborigins(const SecurityOrigin*) const;
-
   // Returns true if this SecurityOrigin can read content retrieved from
   // the given URL. For example, call this function before issuing
   // XMLHttpRequests.
   bool canRequest(const KURL&) const;
 
   // Same as canRequest, except that it adds an additional check to make sure
-  // that the SecurityOrigin does not have a suborigin name. Like with
-  // canAccessCheckSuborigins() above, if you're not familiar with
-  // Suborigins, you probably want canRequest() for now. Suborigins is a spec
-  // in progress, and where it should be enforced is still in flux. See
-  // https://crbug.com/336894 for more details.
+  // that the SecurityOrigin does not have a suborigin name. If you're not
+  // familiar with Suborigins, you probably want canRequest() for now.
+  // Suborigins is a spec in progress, and where it should be enforced is still
+  // in flux. See https://crbug.com/336894 for more details.
   //
   // TODO(jww): Once the Suborigin spec has become more settled, and we are
   // confident in the correctness of our implementation, canRequest should be
   // made to check the suborigin and this should be turned into
   // canRequestBypassSuborigin check, which should be the exceptional case.
   bool canRequestNoSuborigin(const KURL&) const;
 
   // Returns true if drawing an image from this URL taints a canvas from
   // this security origin. For example, call this function before
   // drawing an image onto an HTML canvas element with the drawImage API.
@@ skipping 167 matching lines @@
   bool m_universalAccess;
   bool m_domainWasSetInDOM;
   bool m_canLoadLocalResources;
   bool m_blockLocalAccessFromLocalOrigin;
   bool m_isUniqueOriginPotentiallyTrustworthy;
 };
 
 }  // namespace blink
 
 #endif  // SecurityOrigin_h