w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/

Add the `topOrigin` field to the limited clientData verification algorithm #2123

Closed agl closed 2 months ago

agl commented 3 months ago

I was asked to do the PR for this issue, without looking at the submitted PR, in order to avoid IPR issues that would arise from a change by a non-member.

The `topOrigin` field was added to the CollectedClientData, and the serialization algorithm, but not the verification algorithm. This PR addresses that.

Fixes #2102

The following tasks have been completed:

Implementation commitment:

(Omitting due to minor nature of the change.)

Documentation and checks



zacknewman commented 3 months ago

I was told that a PR would be accepted which is why I submitted #2104. I don't know what an "IPR" is; but if it is inappropriate for me to send PRs, then I apologize and will refrain from doing so in the future.

Edit

DuckDuckGo says "IPR" is intellectual property. I would be more than happy to sign something that waives any intellectual property rights that would otherwise be associated with my contributions whether in comment or PR form. My only goal is to make the spec consistent and rigorous enough that one can implement it with little ambiguity—my formal education is in pure math, so it can be difficult for me when technical documentation is not quite as "precise" as I wish.

agl commented 2 months ago

The chair asked me to write a version of this without looking at the other PR for IPR reasons. It seems that the IPR issues are resolvable so closing this PR.