Change default classic script fetch options credentials mode

This CL changes the default classic script fetch options credentials mode
from "omit" to "same-origin", as per the recent spec change [1], and adds
descendant worker credentials tests as a follow-up to said spec change and
[2].

[1]: https://github.com/whatwg/html/pull/3656
[2]: https://github.com/web-platform-tests/wpt/issues/13426

R=domenic@chromium.org, kouhei@chromium.org, nhiroki@chromium.org

Bug: 849101
Change-Id: I958f552f0ee91beb8aab98269f79a1eb219fb40a
Reviewed-on: https://chromium-review.googlesource.com/c/1301964
Commit-Queue: Dominic Farolino <domfarolino@gmail.com>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#604862}

third_party/WebKit/LayoutTests/external/wpt/workers/modules/dedicated-worker-options-credentials.html.headers

-Set-Cookie: COOKIE_NAME=COOKIE_VALUE
+Set-Cookie: COOKIE_NAME=1
 Access-Control-Allow-Credentials: true

third_party/WebKit/LayoutTests/external/wpt/workers/modules/resources/credentials.py

@@ -2,6 +2,7 @@ def main(request, response):
     cookie = request.cookies.first("COOKIE_NAME", None)
 
     response_headers = [("Content-Type", "text/javascript"),
+                        ("Access-Control-Allow-Origin", request.headers.get("Origin")),
                         ("Access-Control-Allow-Credentials", "true")]
 
     cookie_value = '';

third_party/WebKit/LayoutTests/external/wpt/workers/modules/resources/dynamic-import-remote-origin-credentials-checker-worker.sub.js

+// Import a remote origin script.
+import('http://{{domains[www1]}}:{{ports[http][0]}}/workers/modules/resources/credentials.py');

third_party/WebKit/LayoutTests/external/wpt/workers/modules/resources/dynamic-import-same-origin-credentials-checker-worker.js

+import('./credentials.py');

third_party/WebKit/LayoutTests/external/wpt/workers/modules/resources/static-import-remote-origin-credentials-checker-worker.sub.js

+// Import a remote origin script.
+import 'http://{{domains[www1]}}:{{ports[http][0]}}/workers/modules/resources/credentials.py';

third_party/WebKit/LayoutTests/external/wpt/workers/modules/resources/static-import-same-origin-credentials-checker-worker.js

+import './credentials.py';

third_party/blink/renderer/bindings/core/v8/referrer_script_info.h

@@ -53,7 +53,8 @@ class CORE_EXPORT ReferrerScriptInfo {
 
   bool IsDefaultValue() const {
     return base_url_.IsNull() &&
-           credentials_mode_ == network::mojom::FetchCredentialsMode::kOmit &&
+           credentials_mode_ ==
+               network::mojom::FetchCredentialsMode::kSameOrigin &&
            nonce_.IsEmpty() && parser_state_ == kNotParserInserted;
   }
 
@@ -67,10 +68,10 @@ class CORE_EXPORT ReferrerScriptInfo {
   const KURL base_url_;
 
   // Spec: "referencing script's credentials mode"
-  // The default value is "omit" per:
+  // The default value is "same-origin" per:
   // https://html.spec.whatwg.org/multipage/webappapis.html#default-classic-script-fetch-options
   const network::mojom::FetchCredentialsMode credentials_mode_ =
-      network::mojom::FetchCredentialsMode::kOmit;
+      network::mojom::FetchCredentialsMode::kSameOrigin;
 
   // Spec: "referencing script's cryptographic nonce"
   const String nonce_;