CSP: 'connect-src' should not cause exceptions.

third_party/WebKit/Source/modules/eventsource/EventSource.cpp

Index: third_party/WebKit/Source/modules/eventsource/EventSource.cpp
diff --git a/third_party/WebKit/Source/modules/eventsource/EventSource.cpp b/third_party/WebKit/Source/modules/eventsource/EventSource.cpp
index acaee289dc2be98a543dd183c81747778aeba04f..6d689fbdf929133c1b1b34f0e0e1855ed788f5ea 100644
--- a/third_party/WebKit/Source/modules/eventsource/EventSource.cpp
+++ b/third_party/WebKit/Source/modules/eventsource/EventSource.cpp
@@ -97,18 +97,6 @@ EventSource* EventSource::create(ExecutionContext* context,
     return nullptr;
   }
 
-  // FIXME: Convert this to check the isolated world's Content Security Policy
-  // once webkit.org/b/104520 is solved.
-  if (!ContentSecurityPolicy::shouldBypassMainWorld(context) &&
-      !context->contentSecurityPolicy()->allowConnectToSource(fullURL)) {
-    // We can safely expose the URL to JavaScript, as this exception is generate
-    // synchronously before any redirects take place.
-    exceptionState.throwSecurityError(
-        "Refused to connect to '" + fullURL.elidedString() +
-        "' because it violates the document's Content Security Policy.");
-    return nullptr;
-  }
-
   EventSource* source = new EventSource(context, fullURL, eventSourceInit);
 
   source->scheduleInitialConnect();
@@ -319,6 +307,11 @@ void EventSource::didFail(const ResourceError& error) {
   DCHECK_NE(kClosed, m_state);
   DCHECK(m_loader);
 
+  if (error.isAccessCheck()) {
+    didFailAccessControlCheck(error);
+    return;
+  }
+
   if (error.isCancellation())
     m_state = kClosed;
   networkRequestEnded();