FrameLoader::canLoad uses a Document but a SecurityOrigin would work as well and be useful in case the caller doesn't have access to a Document.
Specifically, I need this for use in a (chromium specific) loader that doesn't use a Frame.
Created attachment 30683 [details] Proposed fix.
Comment on attachment 30683 [details] Proposed fix. r=me
Committed as http://trac.webkit.org/changeset/44195