Part 1.1: Is policy list subsumed under subsuming policy?

third_party/WebKit/Source/core/frame/csp/CSPSource.h

Index: third_party/WebKit/Source/core/frame/csp/CSPSource.h
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSource.h b/third_party/WebKit/Source/core/frame/csp/CSPSource.h
index d7295244feed27c8b4ac7bf5a0e9e0c5100e549c..af3b318c28aff10cc90d5e18338ab7fad4cad0db 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSource.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSource.h
@@ -31,7 +31,10 @@ class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> {
   bool matches(const KURL&,
                ResourceRequest::RedirectStatus =
                    ResourceRequest::RedirectStatus::NoRedirect) const;
-
+  // Find the normalized CSPSource of the two.

[Mike West, 2016/10/26 11:40:29]

What does this mean? :)

+  CSPSource* getNormalized(CSPSource*);
+  // Assuming two CSPSources are matching, return whichever is more restrictive.

[Mike West, 2016/10/26 11:40:29]

This is incomplete: you're also synthesizing new `CSPSource` objects in some
cases.

+  CSPSource* getPreferredCSPSource(CSPSource*);
   DECLARE_TRACE();
 
  private:
@@ -41,6 +44,16 @@ class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> {
   bool portMatches(const KURL&) const;
   bool isSchemeOnly() const;
 
+  bool schemeMatches(const String&) const;
+  bool hostMatches(const String&) const;
+  bool pathMatches(const String&) const;
+  bool portMatches(int, const String&) const;
+
+  CSPSource* getPreferredCSPSourceBasedOnEmptySchemes(CSPSource* other,

[Mike West, 2016/10/26 11:40:29]

Nit: Describe these methods too. I'm still not sure I understand how you plan to
use them.

+                                                      CSPSource* preferred);
+  CSPSource* getPreferredCSPSourceBasedOnWildcards(CSPSource* other,
+                                                   CSPSource* preferreds);
+
   Member<ContentSecurityPolicy> m_policy;
   String m_scheme;
   String m_host;