Regression fix: add back origin check for shared workers

Shared workers always needs to perform a same-origin check since if the
SharedWorkerGlobalScope already exists, no fetching is done, so we
cannot count on fetching to do the same-origin check. Additionally,
module workers allow cross-origin fetches, but we still want to ensure
a distinct SharedWorkerGlobalScope per origin.

This also cleans up “set up a worker environment settings object” with
a more explicit way of referencing the needed environment settings
object.

This regressed through #339 (though that change also had to be made for
module workers).

Fixes #1321.

Author: annevk

source

@@ -95560,7 +95560,8 @@ interface <dfn>WorkerGlobalScope</dfn> : <span>EventTarget</span> {
    </li>
 
    <li><p><span>Set up a worker environment settings object</span> with <var>realm execution
-   context</var>, and let <var>inside settings</var> be the result.</p></li>
+   context</var> and <var>outside settings</var>, and let <var>inside settings</var> be the
+   result.</p></li>
 
    <li><p>Let <var>destination</var> be "<code data-x="">sharedworker</code>" if <var>is
    shared</var> is true, and "<code data-x="">worker</code>" otherwise.</p></li>
@@ -95856,16 +95857,17 @@ interface <dfn>AbstractWorker</dfn> {
   <h5>Script settings for workers</h5>
 
   <p>When the user agent is required to <dfn>set up a worker environment settings object</dfn>,
-  given a <span>JavaScript execution context</span> <var>execution context</var>, it must run the
-  following steps:</p>
+  given a <span>JavaScript execution context</span> <var>execution context</var> and
+  <span>environment settings object</span> <var>outside settings</var>, it must run the following
+  steps:</p>
 
   <ol>
 
-   <li><p>Let <var>inherited responsible browsing context</var> be the <span>responsible
-   browsing context</span> specified by the <span>incumbent settings object</span>.</p></li>
+   <li><p>Let <var>inherited responsible browsing context</var> be <var>outside settings</var>'s
+   <span>responsible browsing context</span>.</p></li>
 
-   <li><p>Let <var>inherited origin</var> be the <span>origin</span> specified by the
-   <span>incumbent settings object</span>.</p></li>
+   <li><p>Let <var>inherited origin</var> be <var>outside settings</var>'s
+   <span>origin</span>.</p></li>
 
    <li><p>Let <var>worker event loop</var> be a newly created <span>event
    loop</span>.</p></li>
@@ -96179,8 +96181,10 @@ interface <dfn>SharedWorker</dfn> : <span>EventTarget</span> {
      <li><p>If there exists a <code>SharedWorkerGlobalScope</code> object whose <span
      data-x="dom-WorkerGlobalScope-closing">closing</span> flag is false, whose <span
      data-x="concept-SharedWorkerGlobalScope-name">name</span> is exactly equal to <var>name</var>,
-     and whose <span data-x="concept-SharedWorkerGlobalScope-constructor-url">constructor url</span>
-     is equal to <var>urlString</var>, then let <var>worker global scope</var> be that
+     whose <span data-x="concept-SharedWorkerGlobalScope-constructor-url">constructor url</span> is
+     equal to <var>urlString</var>, and whose <span>relevant settings object</span>'s
+     <span>origin</span> is <span>same origin</span> with <var>outside settings</var>'s
+     <span>origin</span>, then let <var>worker global scope</var> be that
      <code>SharedWorkerGlobalScope</code> object.</p></li>
 
      <li>