[Fixit] Take the creator's secure context bit into account for workers.
Previously, it was implicitly assumed that the creator was a secure
context iff the worker or worklet was a secure context.
This also affects worklets, but those can only be created by secure
contexts, so this change is a no-op in that case.
Shared workers are also not affected by this change, because they
incorrectly compute the secure context bit of their creator based on
the origin. This change adds a TODO to fix that in a follow-up.
This change is gated behind a runtime-enabled feature flag until the
UseCounter data tells us whether this would have a large impact or not.
Bug: chromium:780031
Change-Id: I062f289d34aed8e0a8adf930b44825a237ad7582
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3288993
Commit-Queue: Titouan Rigoudy <titouan@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Auto-Submit: Titouan Rigoudy <titouan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#956523}
diff --git a/secure-contexts/basic-dedicated-worker.html b/secure-contexts/basic-dedicated-worker.html
index 581d761..ecd6138 100644
--- a/secure-contexts/basic-dedicated-worker.html
+++ b/secure-contexts/basic-dedicated-worker.html
@@ -70,8 +70,8 @@
t5.done();
} else if (data.type == "https") {
t6.step(function() {
- assert_false(data.error);
- assert_false(data.isSecureContext);
+ assert_false(data.error, "error");
+ assert_false(data.isSecureContext, "isSecureContext");
});
t6.done();
} else {
