Cookie Store API: Fix crashes on http://localhost.

Issue #1:
The "SecureContext" IDL attribute considers localhost to be secure, but
the Cookie Store API assumed that it would only be exposed on
cryptographically secure origins, so a DCHECK caused attempts to
set/delete cookies on http://localhost to crash.

This CL replaces the DCHECK with an exception that is thrown on attempts
to set/delete secure cookies on cryptographically insecure origins.

Issue #2: The "secure" cookie attribute defaulted to true.
Setting/deleting a secure cookie on a cryptographically insecure origin
is prohibited. The cookieStore.delete() API excluded the option to set
the "secure" attribute, however, so there was no way to delete an
insecure cookie.

This CL defaults the "secure" attribute to true on cryptographically
secure origins, and false otherwise.

Bug: 956641
Change-Id: Iff7c22713e8604d60b68d42199a74b2d08235712
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1700357
Commit-Queue: Staphany Park <staphany@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#681054}

cookie-store/cookieStore_delete_insecure.tentative.https.window.js

@@ -0,0 +1,19 @@
+'use strict';
+
+promise_test(async t => {
+ await cookieStore.set('cookie-name', 'cookie-value', { secure: false });
+ t.add_cleanup(async () => { await cookieStore.delete('cookie-name'); });
+
+ await cookieStore.delete('cookie-name');
+ const cookie = await cookieStore.get('cookie-name');
+ assert_equals(cookie, null);
+}, 'cookieStore.delete(name) can delete an insecure cookie');
+
+promise_test(async t => {
+ await cookieStore.set('cookie-name', 'cookie-value', { secure: false });
+ t.add_cleanup(async () => { await cookieStore.delete('cookie-name'); });
+
+ await cookieStore.delete({ name: 'cookie-name' });
+ const cookie = await cookieStore.get('cookie-name');
+ assert_equals(cookie, null);
+}, 'cookieStore.delete(options) can delete an insecure cookie');