FYI: proposal to taint insecure redirect chains

[Charles Harrison]

Hey team, we have feedback from the security team that our current design which allows for attribution eligibility to flow through insecure origins is problematic. See the issue at https://github.com/WICG/attribution-reporting-api/issues/767.

Right now we fail background attributionsrc requests whose first URL is insecure, but if the first URL is secure we follow it and merely drop registrations from insecure hops. The proposal to fix this is to taint a redirect chain as soon as an insecure redirect is detected and disallow ARA registration from that point onwards (when basically our transitive trust assumptions go out the window).

This proposal will affect you if:

1. You register ARA with an insecure origin in the middle of a redirect chain

2. You register ARA with a secure origin, but a previous URL in the redirect chain was insecure

Please comment on the linked issue with feedback.