Introduce 'url::Origin'.
https://docs.google.com/document/d/19NACt9PXOUTJi60klT2ZGcFlgHM5wM1Owtcw2GQOKPI/edit
describes the plan.
BUG=490074
Review URL: https://codereview.chromium.org/1224293002
Cr-Commit-Position: refs/heads/master@{#339841}
diff --git a/url/origin.h b/url/origin.h
new file mode 100644
index 0000000..15fe0ea
--- /dev/null
+++ b/url/origin.h
@@ -0,0 +1,125 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef URL_ORIGIN_H_
+#define URL_ORIGIN_H_
+
+#include <string>
+
+#include "base/strings/string16.h"
+#include "url/scheme_host_port.h"
+#include "url/third_party/mozilla/url_parse.h"
+#include "url/url_canon.h"
+#include "url/url_constants.h"
+#include "url/url_export.h"
+
+class GURL;
+
+namespace url {
+
+// An Origin is a tuple of (scheme, host, port), as described in RFC 6454.
+//
+// TL;DR: If you need to make a security-relevant decision, use 'url::Origin'.
+// If you only need to extract the bits of a URL which are relevant for a
+// network connection, use 'url::SchemeHostPort'.
+//
+// STL;SDR: If you aren't making actual network connections, use 'url::Origin'.
+//
+// 'Origin', like 'SchemeHostPort', is composed of a tuple of (scheme, host,
+// port), but contains a number of additional concepts which make it appropriate
+// for use as a security boundary and access control mechanism between contexts.
+//
+// This class ought to be used when code needs to determine if two resources
+// are "same-origin", and when a canonical serialization of an origin is
+// required. Note that some origins are "unique", meaning that they are not
+// same-origin with any other origin (including themselves).
+//
+// There are a few subtleties to note:
+//
+// * Invalid and non-standard GURLs are parsed as unique origins. This includes
+// non-hierarchical URLs like 'data:text/html,...' and 'javascript:alert(1)'.
+//
+// * GURLs with schemes of 'filesystem' or 'blob' parse the origin out of the
+// internals of the URL. That is, 'filesystem:https://example.com/temporary/f'
+// is parsed as ('https', 'example.com', 443).
+//
+// * Unique origins all serialize to the string "null"; this means that the
+// serializations of two unique origins are identical to each other, though
+// the origins themselves are not "the same". This means that origins'
+// serializations must not be relied upon for security checks.
+//
+// * GURLs with a 'file' scheme are tricky. They are parsed as ('file', '', 0),
+// but their behavior may differ from embedder to embedder.
+//
+// * The host component of an IPv6 address includes brackets, just like the URL
+// representation.
+//
+// Usage:
+//
+// * Origins are generally constructed from an already-canonicalized GURL:
+//
+// GURL url("https://example.com/");
+// url::Origin origin(url);
+// origin.scheme(); // "https"
+// origin.host(); // "example.com"
+// origin.port(); // 443
+// origin.IsUnique(); // false
+//
+// * To answer the question "Are |this| and |that| "same-origin" with each
+// other?", use |Origin::IsSameOriginWith|:
+//
+// if (this.IsSameOriginWith(that)) {
+// // Amazingness goes here.
+// }
+class URL_EXPORT Origin {
+ public:
+ // Creates a unique Origin.
+ Origin();
+
+ // Creates an Origin from |url|, as described at
+ // https://url.spec.whatwg.org/#origin, with the following additions:
+ //
+ // 1. If |url| is invalid or non-standard, a unique Origin is constructed.
+ // 2. 'filesystem' URLs behave as 'blob' URLs (that is, the origin is parsed
+ // out of everything in the URL which follows the scheme).
+ // 3. 'file' URLs all parse as ("file", "", 0).
+ explicit Origin(const GURL& url);
+
+ ~Origin();
+
+ // For unique origins, these return ("", "", 0).
+ //
+ // TODO(mkwst): These should be 'const std::string&', along with their
+ // 'url::SchemeHostPort' analogs.
+ std::string scheme() const { return tuple_.scheme(); }
+ std::string host() const { return tuple_.host(); }
+ uint16 port() const { return tuple_.port(); }
+
+ bool unique() const { return unique_; }
+
+ // An ASCII serialization of the Origin as per Section 6.2 of RFC 6454, with
+ // the addition that all Origins with a 'file' scheme serialize to "file://".
+ std::string Serialize() const;
+
+ // Two Origins are "same-origin" if their schemes, hosts, and ports are exact
+ // matches; and neither is unique.
+ bool IsSameOriginWith(const Origin& other) const;
+
+ // Allows SchemeHostPort to used as a key in STL (for example, a std::set or
+ // std::map).
+ bool operator<(const Origin& other) const;
+
+ private:
+ SchemeHostPort tuple_;
+ bool unique_;
+
+ DISALLOW_COPY_AND_ASSIGN(Origin);
+};
+
+URL_EXPORT std::ostream& operator<<(std::ostream& out,
+ const Origin& origin);
+
+} // namespace url
+
+#endif // URL_SCHEME_HOST_PORT_H_