-
Hiroki Nakagawa authored
This CL does 2 things: (1) The Worklet spec defines WorkletGlobalScope must have a unique opaque origin: "3. Let origin be a unique opaque origin." https://drafts.css-houdini.org/worklets/#script-settings-for-worklets However, our current impl doesn't obey this requirement. PaintWorklet inherits its owner document's SecurityOrigin. AnimationWorklet and AudioWorklet create a SecurityOrigin based on their script URL. This CL replaces them with SecurityOrigin::CreateUnique(). (2) Our current impl checks CORS etc based on ExecutionContext's SecurityOrigin associated with Modulator. For Worklets, these are WorkletGlobalScope and WorkletModulatorImpl. However, Worklets need to fetch their scripts as sub-resources of the owner Document, so the security checks are conducted based on the owner Document's SecurityOrigin. After changes for (1), SecurityOrigin is a unique opaque origin and it fails a bunch of tests because of CORS check failures. To fix this, WorkletModulatorImpl overrides GetSecurityOrigin() to provide the owner Document's SecurityOrigin for module fetch. Bug: 773772, 773778 Change-Id: I451999ef09b943c480e907e6536ca8819f446d5b Reviewed-on: https://chromium-review.googlesource.com/714499 Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by:
Kouhei Ueno <kouhei@chromium.org> Reviewed-by:
Kentaro Hara <haraken@chromium.org> Reviewed-by:
Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#509328}
e5065d6e
