[webcrypto] Only allow crypto.subtle.* to be used from "secure origins".

Source/platform/weborigin/SecurityOrigin.cpp

Index: Source/platform/weborigin/SecurityOrigin.cpp
diff --git a/Source/platform/weborigin/SecurityOrigin.cpp b/Source/platform/weborigin/SecurityOrigin.cpp
index 652560af325dcf8ba1f0ae4a4f97b609654b7ef5..2dbee60a5f0ca3b1ae9f6e720e5d1d11a9246370 100644
--- a/Source/platform/weborigin/SecurityOrigin.cpp
+++ b/Source/platform/weborigin/SecurityOrigin.cpp
@@ -375,6 +375,21 @@ bool SecurityOrigin::canDisplay(const KURL& url) const
     return true;
 }
 
+bool SecurityOrigin::canAccessFeatureRequiringSecureOrigin() const
+{
+    if (isLocal())
+        return true;
+
+    if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol))
+        return true;
+
+    // FIXME: According to http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure- should match all of 127/8 and ::1/8

[palmer, 2014/05/24 01:44:30]

Should be ::1/128. Also provide a reference to
https://code.google.com/p/chromium/issues/detail?id=362214 — I'll resolve the
FIXME as part of that.

+    if (m_protocol != "" && !m_domainWasSetInDOM && (m_domain == "localhost" || m_domain == "127.0.0.1" || m_domain == "[::1]"))
+        return true;
+
+    return false;
+}
+
 SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const
 {
     if (m_universalAccess)