Use MessageSender.origin to check if message came from a test origin.

When an extension message is received, we check `MessageSender.id` to
disallow requests from unknown clients.  Unfortunately,
`MessageSender.id` is currently not trustworthy (issue 982361) and
therefore this CL switches to using `MessageSender.origin` instead.

Bug: 10321587
Change-Id: Ia4b63bbb0bff361b6695d930eb44fdd25a8b789e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2035866
Commit-Queue: Shik Chen <shik@chromium.org>
Reviewed-by: Shik Chen <shik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#738065}

chrome/browser/resources/chromeos/camera/src/js/background.js

@@ -28,10 +28,10 @@ const INITIAL_ASPECT_RATIO = 1.7777777777;
 const TOPBAR_COLOR = '#000000';
 
 /**
- * The id of the test app used in Tast.
+ * The origin of the test app used in Tast.
  * @type {string}
  */
-const TEST_API_ID = 'behllobkkfkfnphdnhnkndlbkcpglgmj';
+const TEST_API_ORIGIN = 'chrome-extension://behllobkkfkfnphdnhnkndlbkcpglgmj';
 
 /**
  * It's used in test to ensure that we won't connect to the main.html target
@@ -489,7 +489,7 @@ class Background {
  *     asynchronously.
  */
 function handleExternalMessageFromTest(message, sender, sendResponse) {
-  if (sender.id !== TEST_API_ID) {
+  if (sender.origin !== TEST_API_ORIGIN) {
     console.warn(`Unknown sender id: ${sender.id}`);
     return;
   }
@@ -507,7 +507,7 @@ function handleExternalMessageFromTest(message, sender, sendResponse) {
  * @param {Port} port The port that used to do two-way communication.
  */
 function handleExternalConnectionFromTest(port) {
-  if (port.sender.id !== TEST_API_ID) {
+  if (port.sender.origin !== TEST_API_ORIGIN) {
     console.warn(`Unknown sender id: ${port.sender.id}`);
     return;
   }