[Backport] Correctly handle blob:file:///... URIs in SiteInstance::GetSiteForURL.

file URIs should map to "file:///" site.  The same site needs to also
be used for blob:file:///... URIs - this is what is fixed by this CL.

Bug: 697111
Change-Id: I03627c134d58a47e824eac593939385790aae5f2
Reviewed-on: https://chromium-review.googlesource.com/953129
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

2 files changed, 15 insertions, 5 deletions

diff --git a/chromium/content/browser/site_instance_impl.cc b/chromium/content/browser/site_instance_impl.cc
index d961143bbf8..357894a1d48 100644
--- a/chromium/content/browser/site_instance_impl.cc
+++ b/chromium/content/browser/site_instance_impl.cc
@@ -406,10 +406,8 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,
   // origin lookup.
   auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
   url::Origin isolated_origin;
-  if (policy->GetMatchingIsolatedOrigin(url::Origin::Create(url),
-                                        &isolated_origin)) {
+  if (policy->GetMatchingIsolatedOrigin(origin, &isolated_origin))
     return isolated_origin.GetURL();
-  }
 
   // If the url has a host, then determine the site.  Skip file URLs to avoid a
   // situation where site URL of file://localhost/ would mismatch Blink's origin
@@ -427,11 +425,16 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,
 
   // If there is no host but there is a scheme, return the scheme.
   // This is useful for cases like file URLs.
-  if (url.has_scheme())
+  if (!origin.unique()) {
+    // Prefer to use the scheme of |origin| rather than |url|, to correctly
+    // cover blob: and filesystem: URIs (see also https://crbug.com/697111).
+    DCHECK(origin.GetURL().has_scheme()) << origin;
+    return GURL(origin.GetURL().scheme() + ":");
+  } else if (url.has_scheme())
     return GURL(url.scheme() + ":");
 
   // Otherwise the URL should be invalid; return an empty site.
-  DCHECK(!url.is_valid());
+  DCHECK(!url.is_valid()) << url;
   return GURL();
 }
 
diff --git a/chromium/content/browser/site_instance_impl_unittest.cc b/chromium/content/browser/site_instance_impl_unittest.cc
index 774bf722f81..4297915e09f 100644
--- a/chromium/content/browser/site_instance_impl_unittest.cc
+++ b/chromium/content/browser/site_instance_impl_unittest.cc
@@ -361,6 +361,13 @@ TEST_F(SiteInstanceTest, GetSiteForURL) {
   site_url = SiteInstanceImpl::GetSiteForURL(nullptr, test_url);
   EXPECT_EQ(GURL("gopher://chromium.org"), site_url);
 
+  // Blob URLs with file origin also extract the site from the origin.
+  test_url = GURL("blob:file:///1029e5a4-2983-4b90-a585-ed217563acfeb");
+  site_url = SiteInstanceImpl::GetSiteForURL(nullptr, test_url);
+  EXPECT_EQ(GURL("file:"), site_url);
+  EXPECT_EQ("file", site_url.scheme());
+  EXPECT_FALSE(site_url.has_host());
+
   // Private domains are preserved, appspot being such a site.
   test_url = GURL(
       "blob:http://www.example.appspot.com:44/"