Created attachment 644498 [details] [diff] [review]
Jonas suggests we make it easy for channels on the parent to get the ExtendedOrigin while keeping the code centralized. I saw 3 ways of doing it
1) Having nsNetUtil (or other necko code) call into nsScriptSecurityManager::GetExtendedOrigin. But necko doesn't currently know about nsScriptSecurityManager, and biesi is not happy about changing that.
2) moving the logic from nsScriptSecurityManager::GetExtendedOrigin to nsNetUtil.h. Mounir is opposed on the principle that this is security code, not necko logic. And there are some nsScriptSecurityManager constants that the method uses, so we'd still have to include nsScriptSecurityManager.h, or dupe the constant definitions.
3) Adding a GetExtendedOrigin method to nsILoadContext (it can't be an attribute, as it needs to take a Channel/URI for the origin). We've already got the infrastructure to send nsILoadContext fields across IPDL to the parent (to this will be another string across the wire). Biesi seems to prefer this. And that's what this patch does. (minus the IPDL parts--that patch would be a separate bug)
Created attachment 644535 [details] [diff] [review]
v2: pass URI instead of channel
Turns out nsIWebSocket is not an nsIChannel, so this needs to take the URI directly.
Created attachment 644536 [details] [diff] [review]
v3: forgot to run qref