Give shared workers their own content security policies

Source/core/workers/WorkerScriptLoaderClient.cpp

Index: Source/core/workers/WorkerScriptLoaderClient.cpp
diff --git a/Source/core/workers/WorkerScriptLoaderClient.cpp b/Source/core/workers/WorkerScriptLoaderClient.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..d223191628785d465aa94f96fe6371562387c45a
--- /dev/null
+++ b/Source/core/workers/WorkerScriptLoaderClient.cpp
@@ -0,0 +1,37 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "config.h"
+#include "core/workers/WorkerScriptLoaderClient.h"
+
+#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
+#include "platform/network/ResourceResponse.h"
+
+namespace blink {
+
+WorkerScriptLoaderClient::~WorkerScriptLoaderClient()
+{
+}
+
+PassRefPtr<ContentSecurityPolicy> WorkerScriptLoaderClient::contentSecurityPolicy()
+{
+    return m_contentSecurityPolicy;
+}
+
+void WorkerScriptLoaderClient::processContentSecurityPolicy(const ResourceResponse& response)
+{
+    if (!response.url().protocolIs("blob") && !response.url().protocolIs("file") && !response.url().protocolIs("filesystem")) {

[Mike West, 2015/05/15 11:54:43]

Nit: At some point in the future, we should extract this out to an
`isLocal{Scheme,Protocol}` method on KURL.
(https://url.spec.whatwg.org/#local-scheme)

[estark, 2015/05/18 16:24:15]

Acknowledged.

+        m_contentSecurityPolicy = ContentSecurityPolicy::create();
+        m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
+        m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
+    }
+}
+
+void WorkerScriptLoaderClient::setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy> contentSecurityPolicy)
+{
+    m_contentSecurityPolicy = contentSecurityPolicy;
+}
+
+} // namespace blink