Introduce AncestorThrottle, which will process 'X-Frame-Options' headers.

third_party/WebKit/Source/core/loader/DocumentLoader.cpp

Index: third_party/WebKit/Source/core/loader/DocumentLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
index 3e50fc12e4ae23014f86ea22e7aca852be85f8e4..0f39da1fd3f449e3720795b8944ed638be26ec51 100644
--- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
@@ -389,23 +389,6 @@ void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
         return;
     }
 
-    // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options
-    if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) {
-        HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTPNames::X_Frame_Options);
-        if (it != response.httpHeaderFields().end()) {
-            String content = it->value;
-            if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) {
-                String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
-                ConsoleMessage* consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message);
-                consoleMessage->setRequestIdentifier(mainResourceIdentifier());
-                frame()->document()->addConsoleMessage(consoleMessage);
-
-                cancelLoadAfterXFrameOptionsOrCSPDenied(response);
-                return;
-            }
-        }
-    }
-
     ASSERT(!m_frame->page()->defersLoading());
 
     m_response = response;