From a1de15498dac4be02756f01c050e18ac98221c59 Mon Sep 17 00:00:00 2001
From: Linus Groh <mail@linusgroh.de>
Date: Mon, 31 Oct 2022 18:04:11 +0000
Subject: [PATCH] LibWeb: Use proper origins in
 Request::has_redirect_tainted_origin()

URL::url_origin() is a globally available function now, so let's use it!
---
 .../Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp b/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp
index db48d0a9ca..64017d1334 100644
--- a/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp
+++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp
@@ -159,9 +159,11 @@ bool Request::has_redirect_tainted_origin() const
         }
 
         // 2. If url’s origin is not same origin with lastURL’s origin and request’s origin is not same origin with lastURL’s origin, then return true.
-        // FIXME: Actually use the given origins once we have https://url.spec.whatwg.org/#concept-url-origin.
-        if (!HTML::Origin().is_same_origin(HTML::Origin()) && HTML::Origin().is_same_origin(HTML::Origin()))
+        auto const* request_origin = m_origin.get_pointer<HTML::Origin>();
+        if (!URL::url_origin(url).is_same_origin(URL::url_origin(*last_url))
+            && (request_origin == nullptr || !request_origin->is_same_origin(URL::url_origin(*last_url)))) {
             return true;
+        }
 
         // 3. Set lastURL to url.
         last_url = url;