Code like XMLHttpRequest should work on either the Document or WorkerContext. Moving SecurityOrigin into ScriptExecutionContext helps this goal.
Created attachment 25668 [details] patch for bug.
Comment on attachment 25668 [details] patch for bug. r=me It is quite sad that you have to hack around the difference between ScriptExecutionContext::setSecurityOrigin and Document::setSecurityOrigin. I think that the initDNSPrefetch() call in setSecurityOrigin() is misplaced - there are lots of things that depend on protocol in loader, but we don't eagerly initialize them all in setSecurityOrigin(), or track in Document at all.
Committed revision 38900.