Check the response URL origin in BufferedDataSource to avoid mixing cross-origin responses.

In current implementation malicious attackers can scan the bytes of cross-origin resources by mixing their generated bytes and the target response.
See http://crbug.com/489060#c32 for details.

To avoid this, we have to deny mixing cross-origin responses  in the middle of playback.
This CL introduces the check logic of the response URL origin of the partial responses.

When BufferedDataSource receives the first HTTP responses, it remembers the original URL of it.
And when BufferedDataSource receives the succeeding response, it checks the origin of the new response.
If the origin is not same as the origin of the first response, the response is treated as an error.

BUG=505829
TEST=media_blink_unittests with https://codereview.chromium.org/1221973002/, LayoutTests in https://codereview.chromium.org/1226473002/

Review URL: https://codereview.chromium.org/1220963004

Cr-Commit-Position: refs/heads/master@{#338620}
7 files changed