[HTML Import] Respect Content Security Policy Model

Source/core/page/ContentSecurityPolicy.cpp

Index: Source/core/page/ContentSecurityPolicy.cpp
diff --git a/Source/core/page/ContentSecurityPolicy.cpp b/Source/core/page/ContentSecurityPolicy.cpp
index 0760cce2acd7aae08ef5ad8645347b2192ee011e..78a68def9de8fedb11402f6aeb35936138d4bd0c 100644
--- a/Source/core/page/ContentSecurityPolicy.cpp
+++ b/Source/core/page/ContentSecurityPolicy.cpp
@@ -1421,11 +1421,19 @@ void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
 {
     ASSERT(m_policies.isEmpty());
     for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin(); iter != other->m_policies.end(); ++iter)
-        didReceiveHeader((*iter)->header(), (*iter)->headerType());
+        addPolicyFromHeaderValue((*iter)->header(), (*iter)->headerType());
 }
 
 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType type)
 {
+    // ContentSecurityPolicy should be mutable only it has a browsing context. It should be immutable
+    // for Documents made by XHR or HTML Imports.
+    ASSERT(!m_scriptExecutionContext->isDocument() || toDocument(m_scriptExecutionContext)->frame());
+    addPolicyFromHeaderValue(header, type);
+}
+
+void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, HeaderType type)
+{
     if (m_scriptExecutionContext->isDocument()) {
         Document* document = toDocument(m_scriptExecutionContext);
         if (type == PrefixedReport || type == PrefixedEnforce)