[shared storage] Bugfix: Check the permissions policy against the script origin
When creating or using a cross-origin worklet, the code is doing the
wrong checks via IsFeatureEnabled(...) (for all "shared-storage",
"shared-storage-select-url", and "private-aggregation"). It should
instead be policy->IsFeatureEnabledForOrigin(...) which checks against
the script origin (i.e. the worklet/data/security origin), as
specified in the spec.
We move the permissions check to after the "was addModule invoked"
check. This way, we can use a single worklet_host_ state to
track both "addModule invoked" status and "shared_storage_origin_" eligibility, reducing state management overhead. As a result:
- This also eliminates redundant checks for the
"shared-storage" permissions policy during selectURL() & run(). - We'd have to relax some assertions in WPT by not asserting the
exact error messages. This is nevertheless the desired pattern,
as the error messages are not part of the spec.
Bug: 347047842
Change-Id: I9e14810e803af20fb0b5cc7837c6b434f887ab9a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5630917
Reviewed-by: Cammie Smith Barnes cammie@chromium.org
Commit-Queue: Cammie Smith Barnes cammie@chromium.org
Cr-Commit-Position: refs/heads/main@{#1315333}