Auto merge of #28546 - yvt:feat-cow-infra, r=jdm

Implement `Location`'s custom internal methods

This PR partly resurrects #16501 and introduces the use of principals object to associate objects and Realms with origins. Using this infrastructure, this PR implements [the custom internal methods][1] of the `Location` interface, which is "maybe-cross-origin".

Unimplemented/incomplete things:

 - Other maybe-cross-origin interfaces, namely `WindowProxy` and `DissimilarWindowLocation`, aren't implemented correctly yet (causing most test cases of `tests/wpt/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html` to fail).
     - `WindowProxy`: #28556
 - [The "perform a security check" operation][2] and `Location`'s non-cross-origin properties' relevant `Document` origin checks aren't implemented either (not sure if they are covered by the existing tests).
 - There are a slight deviation from the standard and inefficiency in `CrossOriginGetOwnPropertyHelper`'s current implementation.
     - #28557

[1]: https://html.spec.whatwg.org/multipage/#the-location-interface
[2]: https://html.spec.whatwg.org/multipage/browsers.html#integration-with-idl

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #16243 and make some progress in #2382

---
- [x] There are tests for these changes OR
- [ ] These changes do not require tests because ___

1 files changed, 12 insertions, 0 deletions

diff --git a/components/script/script_runtime.rs b/components/script/script_runtime.rs
index c44b4b04676..5ce21f01366 100644
--- a/components/script/script_runtime.rs
+++ b/components/script/script_runtime.rs
@@ -16,6 +16,7 @@ use crate::dom::bindings::conversions::private_from_object;
 use crate::dom::bindings::conversions::root_from_handleobject;
 use crate::dom::bindings::error::{throw_dom_exception, Error};
 use crate::dom::bindings::inheritance::Castable;
+use crate::dom::bindings::principals;
 use crate::dom::bindings::refcounted::{trace_refcounted_objects, LiveDOMReferences};
 use crate::dom::bindings::refcounted::{Trusted, TrustedPromise};
 use crate::dom::bindings::reflector::DomObject;
@@ -61,6 +62,7 @@ use js::jsapi::{
     JSJitCompilerOption, JS_SetOffthreadIonCompilationEnabled, JS_SetParallelParsingEnabled,
 };
 use js::jsapi::{JSObject, PromiseRejectionHandlingState, SetPreserveWrapperCallbacks};
+use js::jsapi::{JSSecurityCallbacks, JS_InitDestroyPrincipalsCallback, JS_SetSecurityCallbacks};
 use js::jsapi::{SetJobQueue, SetProcessBuildIdOp, SetPromiseRejectionTrackerCallback};
 use js::jsval::UndefinedValue;
 use js::panic::wrap_panic;
@@ -97,6 +99,12 @@ static JOB_QUEUE_TRAPS: JobQueueTraps = JobQueueTraps {
     empty: Some(empty),
 };
 
+static SECURITY_CALLBACKS: JSSecurityCallbacks = JSSecurityCallbacks {
+    // TODO: Content Security Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP>
+    contentSecurityPolicyAllows: None,
+    subsumes: Some(principals::subsumes),
+};
+
 /// Common messages used to control the event loops in both the script and the worker
 pub enum CommonScriptMsg {
     /// Requests that the script thread measure its memory usage. The results are sent back via the
@@ -466,6 +474,10 @@ unsafe fn new_rt_and_cx_with_parent(
 
     JS_AddExtraGCRootsTracer(cx, Some(trace_rust_roots), ptr::null_mut());
 
+    JS_SetSecurityCallbacks(cx, &SECURITY_CALLBACKS);
+
+    JS_InitDestroyPrincipalsCallback(cx, Some(principals::destroy_servo_jsprincipal));
+
     // Needed for debug assertions about whether GC is running.
     if cfg!(debug_assertions) {
         JS_SetGCCallback(cx, Some(debug_gc_callback), ptr::null_mut());