Shared Storage: Allow x-origin module script in addModule
The same-origin restriction for module script loaded by
sharedStorage.worklet.addModule() is no longer needed, so we remove
it. See WICG/shared-storage#158 and
https://groups.google.com/a/chromium.org/g/blink-dev/c/YZ4XGewKVuk.
Only cross-origin scripts loaded with createWorklet() that use the
script origin as their data origin will need the
"Shared-Storage-Cross-Origin-Worklet-Allowed: ?1" response header,
however. To differentiate between worklets that need to be
checked for this header and ones that don't, we add a new
"Sec-Shared-Storage-Data-Origin" request header with the data origin
used to the requests where the data origin is cross-origin to the
context origin. We then use this information to determine if the
"Shared-Storage-Cross-Origin-Worklet-Allowed" response header is needed.
Bug: 348660660
Change-Id: I55f7f5d6d282b679505be5f23901f26ff7d7d374
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5648386
Commit-Queue: Cammie Smith Barnes cammie@chromium.org
Reviewed-by: Andrey Kosyakov caseq@chromium.org
Reviewed-by: Brendon Tiszka tiszka@chromium.org
Reviewed-by: Tsuyoshi Horo horo@chromium.org
Reviewed-by: Yao Xiao yaoxia@chromium.org
Cr-Commit-Position: refs/heads/main@{#1332965}