    Trust Tokens: Require secure contexts for the Fetch interface · 0211bf0e
    David Van Cleve authored
    To be in line with other new security-relevant Web Platform features, we
    only allow callers to execute Trust Tokens operations in secure
    contexts. Usually, WebIDL restricts functionality to secure contexts
    with the [SecureContext] extended attribute. This is how we initially
    implemented the restrictions on the three Trust Tokens interfaces
    (fetch, XHR, and iframe). However, this doesn't work for the fetch
    interface, because the [SecureContext] extended attribute doesn't work
    on dictionary members (like the `trustToken` member in
    request_init.idl); instead, it silently no-ops! This change:
    
    1. removes the useless SecureContext attribute from RequestInit;
    2. adds an explicit check that a Fetch request bearing Trust Tokens
    parameters is coming from a secure context, throwing a TypeError if not;
    and
    3. for good measure, adds tests ensuring the XHR and iframe interfaces
    are only available in secure contexts, too.
    
    R=csharrison, yhirano
    
    Fixed: 1087200
    Change-Id: If19f89251d9ab0ea16e8bb80216b5ef8d2f91b68
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2217855
    Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
    Reviewed-by: Charlie Harrison <csharrison@chromium.org>
    Commit-Queue: David Van Cleve <davidvc@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#772702}
trust_token_browsertest.cc 14.9 KB
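
The commit message above says `[SecureContext]` silently no-ops on a dictionary member, which is why the Fetch path needs an explicit check. The following is an added illustration, not Chromium code or part of the commit: a simplified model in which the function names, the `trustTokenOp` member and the contents of `trustToken` are hypothetical.

```javascript
// Simplified model, not Chromium code. All function names, trustTokenOp and
// the contents of trustToken are hypothetical.
// Interface members are installed by the browser, so [SecureContext] can be
// enforced by never defining the member in an insecure context.
function exposeXhrPrototype(isSecureContext) {
  const proto = { open() {}, send() {} };
  if (isSecureContext) proto.trustTokenOp = function (params) {};
  return proto;
}

// A dictionary is a plain object supplied by the caller. Conversion copies the
// known members; there is no property to withhold, so nothing gates the member.
function convertRequestInit(init) {
  const out = {};
  for (const key of ['method', 'trustToken']) {
    if (init[key] !== undefined) out[key] = init[key];
  }
  return out;
}

// Fetch relying on the attribute alone: the member is honoured in any context.
const fetchUnchecked = (context, init) => convertRequestInit(init);

// Fetch with an explicit check like the one the commit message describes.
function fetchChecked(context, init) {
  const request = convertRequestInit(init);
  if (request.trustToken !== undefined && !context.isSecureContext) {
    throw new TypeError('trustToken requires a secure context');
  }
  return request;
}

// Constructed sample input.
const insecure = { isSecureContext: false };
const secure = { isSecureContext: true };
const init = { method: 'POST', trustToken: { placeholder: true } };

function demo() {
  let threw = null;
  try { fetchChecked(insecure, init); } catch (e) { threw = e; }
  return {
    xhrMemberInsecure: 'trustTokenOp' in exposeXhrPrototype(false),
    uncheckedKeepsMember: 'trustToken' in fetchUnchecked(insecure, init),
    checkedThrowsTypeError: threw instanceof TypeError,
    checkedSecureOk: 'trustToken' in fetchChecked(secure, init),
  };
}
console.log(demo());
```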