Enable SiteIsolationEnforcementForFileSystemApi feature by default.

As described in https://crbug.com/917457#c17 enabling the feature should
not cause any issues in the wild.  At the same time, enabling the
feature should make a significant improvement in the protections that
Chrome offers against compromised renderers.

Bug: 917457
Change-Id: I53856a9f3a9851b5907c5805ce0544a56b7eb87b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2350881Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#798414}

content/public/common/content_features.cc

@@ -627,14 +627,9 @@ const base::Feature kSmsReceiver{"SmsReceiver",
 // Controls whether Site Isolation protects against spoofing of origin in
 // mojom::FileSystemManager::Open IPC from compromised renderer processes.  See
 // also https://crbug.com/917457.
-//
-// TODO(lukasza, nasko): Make that feature below enabled by default, after
-// coordinating with the remaining consumers of PPAPI.  This should be possible
-// at the end of 2020, when most PPAPI consumers (Flash, most Chrome Apps) will
-// be gone.
 const base::Feature kSiteIsolationEnforcementForFileSystemApi{
     "SiteIsolationEnforcementForFileSystemApi",
-    base::FEATURE_DISABLED_BY_DEFAULT};
+    base::FEATURE_ENABLED_BY_DEFAULT};
 
 // Controls whether SpareRenderProcessHostManager tries to always have a warm
 // spare renderer process around for the most recently requested BrowserContext.

docs/security/compromised-renderers.md

@@ -214,9 +214,6 @@ Protection techniques:
   information in `RenderFrameHost::GetLastCommittedOrigin()`
   (e.g. see `RenderFrameHostImpl::CreateIDBFactory`).
 
-**Known gaps in protection**:
-- https://crbug.com/917457: FileSystem API (deprecated, Chrome-only).
-
 
 ## Messaging