[HTML Import] Respect Content Security Policy Model

Source/core/page/ContentSecurityPolicy.cpp

Index: Source/core/page/ContentSecurityPolicy.cpp
diff --git a/Source/core/page/ContentSecurityPolicy.cpp b/Source/core/page/ContentSecurityPolicy.cpp
index 0760cce2acd7aae08ef5ad8645347b2192ee011e..0d2941c0dca475927f1289bf1a9999b1a2160a9c 100644
--- a/Source/core/page/ContentSecurityPolicy.cpp
+++ b/Source/core/page/ContentSecurityPolicy.cpp
@@ -1421,11 +1421,18 @@ void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
 {
     ASSERT(m_policies.isEmpty());
     for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin(); iter != other->m_policies.end(); ++iter)
-        didReceiveHeader((*iter)->header(), (*iter)->headerType());
+        addPolicyFromHeaderValue((*iter)->header(), (*iter)->headerType());
 }
 
 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType type)
 {
+    // ContentSecurityPolicy should be mutable only it has a browsing context.
+    ASSERT(!m_scriptExecutionContext->isDocument() || toDocument(m_scriptExecutionContext)->frame());

[Mike West, 2013/07/22 14:39:42]

I don't understand this assertion. Could you explain the intent?

What about workers, for instance?

+    addPolicyFromHeaderValue(header, type);
+}
+
+void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, HeaderType type)
+{
     if (m_scriptExecutionContext->isDocument()) {
         Document* document = toDocument(m_scriptExecutionContext);
         if (type == PrefixedReport || type == PrefixedEnforce)