Add checks for not potentially trustworthy and "file" origins.

[inexorabletash]

This aligns the spec with Chromium's behavior, namely that writes where the origin is not potentially trustworthy or is "file" scheme result in failure with a TypeError.

Resolves #193

---

Preview | Diff

[inexorabletash]

This PR (as currently written) is purely to align the spec text w/ Chromium behavior. That doesn't mean we should merge it though! Notably:

• Chromium doesn't error on read. Should it?
• document.cookie prevents writes if the document is "cookie-averse". Alignment might be nice?
• Needs tests!

[ayuishii]

Thanks for the change!
I think this LGTM.

[inexorabletash]

I looked briefly at tests just to capture Chrome's behavior - given the [SecureContext] requirement for the API I'm drawing a blank on exercising the "not potentially trustworthy" check from WPT given https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy .

A manual test for file: is doable. Ideas welcome.

[annevk]

@bakulf @RupinMittal what do Gecko and WebKit do here?

[bakulf]

Currently, in Gecko, the CookieStore API is not available on potentially untrustworthy origins or pages loaded using the "file" scheme.