[webcrypto] Only allow crypto.subtle.* to be used from "secure origins".

Source/platform/weborigin/SecurityOrigin.h

 /*
  * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 95 matching lines @@
     // Returns true if this SecurityOrigin can receive drag content from the
     // initiator. For example, call this function before allowing content to be
     // dropped onto a target.
     bool canReceiveDragData(const SecurityOrigin* dragInitiator) const;
 
     // Returns true if |document| can display content from the given URL (e.g.,
     // in an iframe or as an image). For example, web sites generally cannot
     // display content from the user's files system.
     bool canDisplay(const KURL&) const;
 
+    // A "secure origin" as defined by [1] are those that load resources either
+    // from the local machine (necessarily trusted) or over the network from a
+    // cryptographically-authenticated server.
+    //
+    // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure-
+    //
+    bool canAccessFeatureRequiringSecureOrigin() const;
+
     // Returns true if this SecurityOrigin can load local resources, such
     // as images, iframes, and style sheets, and can link to local URLs.
     // For example, call this function before creating an iframe to a
     // file:// URL.
     //
     // Note: A SecurityOrigin might be allowed to load local resources
     //       without being able to issue an XMLHttpRequest for a local URL.
     //       To determine whether the SecurityOrigin can issue an
     //       XMLHttpRequest for a URL, call canRequest(url).
     bool canLoadLocalResources() const { return m_canLoadLocalResources; }
 
     // Explicitly grant the ability to load local resources to this
     // SecurityOrigin.
     //
     // Note: This method exists only to support backwards compatibility
     //       with older versions of WebKit.
     void grantLoadLocalResources();
 
-    // Explicitly grant the ability to access very other SecurityOrigin.
+    // Explicitly grant the ability to access every other SecurityOrigin.
     //
     // WARNING: This is an extremely powerful ability. Use with caution!
     void grantUniversalAccess();
 
     bool canAccessDatabase() const { return !isUnique(); };
     bool canAccessLocalStorage() const { return !isUnique(); };
     bool canAccessSharedWorkers() const { return !isUnique(); }
     bool canAccessCookies() const { return !isUnique(); }
     bool canAccessPasswordManager() const { return !isUnique(); }
     bool canAccessFileSystem() const { return !isUnique(); }
@@ skipping 66 matching lines @@
     bool m_universalAccess;
     bool m_domainWasSetInDOM;
     bool m_canLoadLocalResources;
     bool m_enforceFilePathSeparation;
     bool m_needsDatabaseIdentifierQuirkForFiles;
 };
 
 } // namespace WebCore
 
 #endif // SecurityOrigin_h