We should move shouldInheritSecurityOriginFromOwner from URL to SecurityOrigin to keep the URL class free of policy decisions and the notion of origins.
I suggest that we move URL::shouldInheritSecurityOriginFromOwner() back to Document because it implements the origin inheritance policy for Document objects per section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016). This policy is only applicable to Documents.
Created attachment 283186 [details] Patch
Although Darin Adler suggested that in comment 22, bug 158855 that we move shouldInheritSecurityOriginFromOwner() to SecurityOrigin.h, I choose to move it to Document because the policy shouldInheritSecurityOriginFromOwner() implements is only applicable to Document objects by <https://html.spec.whatwg.org/multipage/browsers.html#origin> and this function is only used in Document.cpp (as expected given that it is only applicable to Document objects).
It definitely shouldn't be in URL
Comment on attachment 283186 [details] Patch Clearing flags on attachment: 283186 Committed r203013: <http://trac.webkit.org/changeset/203013>
All reviewed patches have been landed. Closing bug.