Fix cross origin check when deciding to show the HTTP auth interstitial.

chrome/browser/ui/login/login_prompt.cc

Index: chrome/browser/ui/login/login_prompt.cc
diff --git a/chrome/browser/ui/login/login_prompt.cc b/chrome/browser/ui/login/login_prompt.cc
index 53f68a7b4a8f518502bdf7c005e1aaa274b15769..60283b6da965f721f47d3332af854ce2aefd87d1 100644
--- a/chrome/browser/ui/login/login_prompt.cc
+++ b/chrome/browser/ui/login/login_prompt.cc
@@ -509,8 +509,15 @@ void LoginDialogCallback(const GURL& request_url,
     return;
   }
 
+  // Check if the request is cross origin. There are two different ways it can

[Peter Kasting, 2014/08/06 01:07:54]

Nit: "it can be cross origin" -> "the navigation can occur"

[meacer, 2014/08/06 17:36:49]

Done.

+  // be cross origin:
+  // 1- The user enters the resource URL in the omnibox.

[nasko, 2014/08/06 10:17:36]

nit: This will not be true once site isolation is enabled, as any navigation
could cause a cross-process swap, including link clicks. It will only happen for
sites that are opted into isolation though. Not sure if it is worth changing the
comment, just pointing it out.

[meacer, 2014/08/06 17:36:49]

I added your description as a note to the end.

+  // 2- The page redirects to the resource.
+  // In both cases, the last committed URL is different than the resource URL,
+  // so checking it is sufficient.
   if (is_main_frame &&
-      parent_contents->GetVisibleURL().GetOrigin() != request_url.GetOrigin()) {
+      parent_contents->GetLastCommittedURL().GetOrigin() !=
+          request_url.GetOrigin()) {
     // Show a blank interstitial for main-frame, cross origin requests
     // so that the correct URL is shown in the omnibox.
     base::Closure callback = base::Bind(&ShowLoginPrompt,