Switch CanAccessDataForOrigin to use DetermineProcessLockURL.

CanAccessDataForOrigin currently calls GetSiteForURL() to determine
what should be checked against the process's origin lock.  This isn't
entirely accurate, as GetSiteForURL() defaults to using effective
URLs, which we don't want to use for comparing origin locks.
Fortunately, we also pass in null for browser_context, which
effectively avoids effective URL resolution:
ChromeContentBrowserClient::GetEffectiveURL returns back the original
URL in that case.  This CL change this call to use
DetermineProcessLockForURL() instead, which is more correct.

This CL also removes a stale comment about hosted apps not being able
to set cookies.  That is no longer true, since we now lock hosted apps
to their underlying web origin, which doesn't get in the way of IO
thread enforcements.

Bug: 160576, 718516, 794315
Change-Id: I092e9bf89b3a9fc5807824bbe51d1de6589ddae3
Reviewed-on: https://chromium-review.googlesource.com/c/1276560
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599028}
1 file changed