Disallow use of Web Bluetooth from cross-origin iframes.

third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html

Index: third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html
diff --git a/third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html b/third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html
index 9820a59ad0f1d8b97027f031bcaaa58d9a2a1a55..9bc80924178e7f797a29d2639bb2de1457b735e4 100644
--- a/third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html
+++ b/third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html
@@ -14,8 +14,7 @@
         });
       } else {
         assert_equals(messageEvent.data, 'SecurityError: requestDevice() ' +
-                                         'called from sandboxed or otherwise ' +
-                                         'unique origin.');
+                                         'called from cross-origin iframe.');

[Mike West, 2016/04/06 06:06:59]

Hrm. Can you talk about the trickyness a bit? Loading cross-origin frames is
certainly possible. For example, you could load
`http://127.0.0.1:8080/resources/requestDevice-in-sandboxed-iframe.html` or
`https://example.test:8443/resources/requestDevice-in-sandboxed-iframe.html` if
you'd like to actually test a cross-origin-but-not-sandboxed frame. I think that
would be a good idea, since sandboxing has a lot of side-effects.

[Jeffrey Yasskin, 2016/04/06 06:17:15]

Yep, I'd missed those options. I'll write that test tomorrow.

         test.done();
       }
     });