Part 2.1: Is policy list subsumed under subsuming policy?

third_party/WebKit/Source/core/frame/csp/CSPSource.h

Index: third_party/WebKit/Source/core/frame/csp/CSPSource.h
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSource.h b/third_party/WebKit/Source/core/frame/csp/CSPSource.h
index ede22feb45f77a5e79d20fae2b2cf08fe457476a..fab4f5e9481177a155a13ad74057f7a30ffe47ba 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSource.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSource.h
@@ -36,16 +36,23 @@ class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> {
   // subsumption algorithm described here:
   // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
   bool subsumes(CSPSource*);
+  // Retrieve the most restrictive information from the two CSPSources if
+  // isSimilar is true for the two. Otherwise, return nullptr.
+  CSPSource* getNormalized(CSPSource*);

[jochen (gone - plz use gerrit), 2016/11/04 13:14:51]

what about

static CSPSource* intersect(CSPSource*, CSPSource*) ?

 
   DECLARE_TRACE();
 
  private:
+  FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IsSimilar);
+  FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetNormalizedCSPSources);
+
   bool schemeMatches(const String&) const;
   bool hostMatches(const String&) const;
   bool pathMatches(const String&) const;
   // Protocol is necessary to determine default port if it is zero.
   bool portMatches(int port, const String& protocol) const;
   bool isSchemeOnly() const;
+  bool isSimilar(CSPSource* other);
 
   Member<ContentSecurityPolicy> m_policy;
   String m_scheme;