fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable

The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.

components/script/dom/bindings/codegen/CodegenRust.py

@@ -1936,7 +1936,7 @@ class AttrDefiner(PropertyDefiner):
         def setter(attr):
             attr = attr['attr']
 
-            if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginReadable"))
+            if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginWritable"))
                 or (attr.readonly
                     and not attr.getExtendedAttribute("PutForwards")
                     and not attr.getExtendedAttribute("Replaceable"))):

tests/wpt/metadata/html/browsers/origin/cross-origin-objects/cross-origin-objects.html.ini

@@ -188,12 +188,6 @@
   [Same-origin observers get different accessors for cross-origin Window (cross-site)]
     expected: FAIL
 
-  [Same-origin observers get different accessors for cross-origin Location (cross-origin)]
-    expected: FAIL
-
-  [Same-origin observers get different accessors for cross-origin Location (same-origin + document.domain)]
-    expected: FAIL
-
   [Same-origin observers get different accessors for cross-origin Location (cross-site)]
     expected: FAIL