
LibWeb+Browser: Add Debug menu action for toggling Same-Origin Policy

Sometimes it's useful to turn off the SOP for testing purposes.
Let's make that easy by having a Debug menu item for it. :^)
Andreas Kling 3 years ago
parent
commit
19de6bb1cc

+ 9 - 0
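--- a/Userland/Applications/Browser/BrowserWindow.cpp
+++ b/Userland/Applications/Browser/BrowserWindow.cpp
@@ -377,6 +377,15 @@ void BrowserWindow::build_menus()
     spoof_user_agent_menu.add_action(custom_user_agent);
     m_user_agent_spoof_actions.add_action(custom_user_agent);
 
+    debug_menu.add_separator();
+    auto same_origin_policy_action = GUI::Action::create_checkable(
+        "Enable Same &Origin Policy", [this](auto& action) {
+            active_tab().m_web_content_view->debug_request("same-origin-policy", action.is_checked() ? "on" : "off");
+        },
+        this);
+    same_origin_policy_action->set_checked(true);
+    debug_menu.add_action(same_origin_policy_action);
+
     auto& help_menu = add_menu("&Help");
     help_menu.add_action(WindowActions::the().about_action());
 }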
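Review bot: The lambda in the new `same_origin_policy_action` sends the request only to `active_tab()`, while the checkbox is a single window-level menu item that always starts checked. The flag is stored per `Web::Page`, so if each tab has its own page (likely, but not visible here), unchecking the item in one tab and then switching tabs leaves the check mark and the per-page setting out of step, and a tab can keep the policy disabled while the menu shows it enabled. Either apply the setting to every tab or re-sync the checked state when the active tab changes; at minimum add `// NOTE: Only affects the active tab; the check mark is not updated on tab switch.` above the action. build_menus() starts outside this hunk.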

+ 5 - 0
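--- a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
+++ b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
@@ -9,6 +9,7 @@
 #include <LibWeb/HTML/BrowsingContextContainer.h>
 #include <LibWeb/Origin.h>
 #include <LibWeb/Page/BrowsingContext.h>
+#include <LibWeb/Page/Page.h>
 
 namespace Web::HTML {
 
@@ -43,6 +44,10 @@ Origin BrowsingContextContainer::content_origin() const
 
 bool BrowsingContextContainer::may_access_from_origin(const Origin& origin) const
 {
+    if (auto* page = document().page()) {
+        if (!page->is_same_origin_policy_enabled())
+            return true;
+    }
     return origin.is_same(content_origin());
 }
 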
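Review bot: The early `return true` in may_access_from_origin() leaves no trace that access was granted by the debug override rather than by an origin match, and the same holds for the skipped check in XMLHttpRequest::send(). In a test log a cross-origin access then looks as if it had been legitimately allowed. I would mark the bypass path with `// Debug override: Same-Origin Policy was disabled from the Debug menu.` and add `dbgln("Same-Origin Policy is disabled; allowing cross-origin access");` before the return. The fall-through when `page()` is null keeps the check enforced, which is the right default.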

+ 5 - 0
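--- a/Userland/Libraries/LibWeb/Page/Page.h
+++ b/Userland/Libraries/LibWeb/Page/Page.h
@@ -56,11 +56,16 @@ public:
     Gfx::Palette palette() const;
     Gfx::IntRect screen_rect() const;
 
+    bool is_same_origin_policy_enabled() const { return m_same_origin_policy_enabled; }
+    void set_same_origin_policy_enabled(bool b) { m_same_origin_policy_enabled = b; }
+
 private:
     PageClient& m_client;
 
     RefPtr<BrowsingContext> m_top_level_browsing_context;
     WeakPtr<BrowsingContext> m_focused_context;
+
+    bool m_same_origin_policy_enabled { true };
 };
 
 class PageClient {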
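Review bot: `m_same_origin_policy_enabled` carries no comment saying it is a debug-only switch, and nothing visible in this header resets it, so once cleared it presumably stays off for every later navigation in that page. Please document it at the member, e.g. `// Debug-only: when false, the origin checks in BrowsingContextContainer::may_access_from_origin() and XMLHttpRequest::send() are skipped for this page.` The setter parameter would also read better as `bool enabled` than `bool b`.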

+ 6 - 1
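--- a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
+++ b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
@@ -18,6 +18,7 @@
 #include <LibWeb/HTML/EventNames.h>
 #include <LibWeb/Loader/ResourceLoader.h>
 #include <LibWeb/Origin.h>
+#include <LibWeb/Page/Page.h>
 #include <LibWeb/XHR/EventNames.h>
 #include <LibWeb/XHR/ProgressEvent.h>
 #include <LibWeb/XHR/XMLHttpRequest.h>
@@ -172,7 +173,11 @@ DOM::ExceptionOr<void> XMLHttpRequest::send()
     // TODO: Add support for preflight requests to support CORS requests
     Origin request_url_origin = Origin(request_url.protocol(), request_url.host(), request_url.port());
 
-    if (!m_window->associated_document().origin().is_same(request_url_origin)) {
+    bool should_enforce_same_origin_policy = true;
+    if (auto* page = m_window->page())
+        should_enforce_same_origin_policy = page->is_same_origin_policy_enabled();
+
+    if (should_enforce_same_origin_policy && !m_window->associated_document().origin().is_same(request_url_origin)) {
         dbgln("XHR failed to load: Same-Origin Policy violation: {} may not load {}", m_window->associated_document().url(), request_url);
         auto weak_this = make_weak_ptr();
         if (!weak_this)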
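Review bot: The null-page fallback in send() is written differently from the one in BrowsingContextContainer::may_access_from_origin() (a defaulted local here, a nested `if` there), so the rule "enforce unless a page explicitly says otherwise" now exists in two hand-written copies. A small shared helper that takes the `Page*` and returns true for a null page would keep that fail-closed default in one place as more call sites start honouring the toggle. send() continues past the end of this hunk.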

+ 4 - 0
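--- a/Userland/Services/WebContent/ClientConnection.cpp
+++ b/Userland/Services/WebContent/ClientConnection.cpp
@@ -207,6 +207,10 @@ void ClientConnection::debug_request(const String& request, const String& argume
     if (request == "spoof-user-agent") {
         Web::ResourceLoader::the().set_user_agent(argument);
     }
+
+    if (request == "same-origin-policy") {
+        m_page_host->page().set_same_origin_policy_enabled(argument == "on");
+    }
 }
 
 void ClientConnection::get_source()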
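Review bot: `argument == "on"` turns every value other than the exact string "on" into a request to disable the policy, so an empty, misspelled or differently cased argument switches the check off. For a security control only the two known values should be acted on: guard the call with `if (argument == "on" || argument == "off")` and keep `m_page_host->page().set_same_origin_policy_enabled(argument == "on");` inside it, ignoring or logging anything else. debug_request() starts outside this hunk.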