consider exposing a Request.site getter

[wanderview]

Currently we expose a Sec-Fetch-Site header to servers, but hide this information from service workers. The Sec-Fetch-Site and origin headers are not populated until after the FetchEvent is handled by the service worker. This means the service worker can not reason about whether the incoming request is from a safe same-origin initiator or a potentially hostile cross-site initiator.

To address this we propose to add a Request.site getter that returns same-origin, same-site, or cross-site. The value would be based on the request's internal origin and origin tainting flag.

This was discussed at the recent SW virtual F2F: w3c/ServiceWorker#1604

[annevk]

Asserts:

• Only in service worker fetch events would this show a value other than "same-origin". (Modulo the Cache API, but see https://github.com/w3c/ServiceWorker/issues/1607.)
• Only a navigation request would this show a value other than "same-origin".
• Only when mode is "navigate" would this show a value other than "same-origin".