Correct orphaned variable sandboxFlags to use targetSnapshotParams.

[jeremyroman]

Fixes #8511. This change is editorial.

---

/browsing-the-web.html ( diff )

[jeremyroman]

@domenic PTAL?

[domenic]

I think it should be finalSandboxFlags? If the page's response headers contain CSP: sandbox, the logic

This results in a network error as one cannot simultaneously provide a clean slate to a response using cross-origin opener policy and sandbox the result of navigating to that response.

still seems like it should apply.

[jeremyroman]

If so there was (probably?) an existing bug before #6315.

The previous revision (0a97a81^) used sandboxFlags (rather than finalSandboxFlags), which was plumbed in as an input to process a navigate fetch.

I admit that state didn't make a ton of sense to me and finalSandboxFlags seems to be more natural. The difference would be in the case where the response explicitly did something like:

Content-Security-Policy: sandbox
Cross-Origin-Opener-Policy: same-origin

Are you confident that it should be finalSandboxFlags, or should we try to find someone who knows CSP/COOP to confirm?

[domenic]

I was pretty confident, and then I went to check that we have tests, and now I'm very confident: https://github.com/web-platform-tests/wpt/blob/b52cec844a/html/cross-origin-opener-policy/coop-csp-sandbox.https.html :)