Use a hosted app's opener URL and not its origin to locate it.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 75e2014ed3c4c0a2d987a649bcae8ce94e336ffb..38f66d7a497ffa77f78cbde258634d0890622bd1 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1235,6 +1235,7 @@ void ChromeContentBrowserClient::CancelDesktopNotification(
 }
 
 bool ChromeContentBrowserClient::CanCreateWindow(
+    const GURL& opener_url,
     const GURL& source_origin,
     WindowContainerType container_type,
     content::ResourceContext* context,
@@ -1252,9 +1253,10 @@ bool ChromeContentBrowserClient::CanCreateWindow(
     // Note: this use of GetExtensionOrAppByURL is safe but imperfect.  It may
     // return a recently installed Extension even if this CanCreateWindow call
     // was made by an old copy of the page in a normal web process.  That's ok,
-    // because the permission check below will still fail.
+    // because the permission check below will still fail.  We must use the
+    // full URL to find hosted apps, though, and not just the origin.
     const Extension* extension = map->extensions().GetExtensionOrAppByURL(
-        ExtensionURLInfo(source_origin));
+        ExtensionURLInfo(opener_url));
     if (extension && !extension->allow_background_js_access())
       return false;