[Partitioned Popins] Limit cross-origin popin opener access
This CL mirrors the COOP restrict-properties work to prevent the use of
the opener proxy for/by a popin for any actions other than
postMessage() or closed.
The difference between
https://chromium-review.googlesource.com/c/chromium/src/+/5800429
and this CL is that enforcement is limited here to cross-origin cases.
There will be enforcement of same-origin cases in a future CL, but we
will not enforce it as a security boundary (independent process) for
now.
All of this work is behind an experimental flag "PartitionedPopins"
so will not be enabled by default.
Explainer: https://explainers-by-googlers.github.io/partitioned-popins/
I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/ApU_zUmpQ2g/
Bug: 340606651
Change-Id: I5a852fc2f598e311142a25a434656592fe9185a3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5854082
Auto-Submit: Ari Chivukula arichiv@chromium.org
Reviewed-by: Daniel Cheng dcheng@chromium.org
Reviewed-by: Rakina Zata Amni rakina@chromium.org
Commit-Queue: Rakina Zata Amni rakina@chromium.org
Cr-Commit-Position: refs/heads/main@{#1354277}