Moved all tests about bypassing CSP into csp-tests (content layer)

content/common/content_security_policy/content_security_policy.cc

Index: content/common/content_security_policy/content_security_policy.cc
diff --git a/content/common/content_security_policy/content_security_policy.cc b/content/common/content_security_policy/content_security_policy.cc
index 204e262f52cbfcece5bff406628ca827424ea4f1..5eb1e96d8df2c1e0dae87b325193766f3be585e7 100644
--- a/content/common/content_security_policy/content_security_policy.cc
+++ b/content/common/content_security_policy/content_security_policy.cc
@@ -94,6 +94,21 @@ bool AllowDirective(CSPContext* context,
                   source_location);
   return false;
 }
+const GURL ExtractInnerURL(const GURL& url) {

[arthursonzogni, 2017/04/04 11:54:34]

Nit: Add a newline above.

[andypaicu, 2017/04/04 15:10:07]

Done

+  if (const GURL* inner_url = url.inner_url())
+    return *inner_url;
+  else
+    // TODO(arthursonzogni): revisit this once GURL::inner_url support blob-URL.
+    return GURL(url.path());
+}
+
+bool ShouldBypassContentSecurityPolicy(CSPContext* context, const GURL& url) {
+  if (url.SchemeIsFileSystem() || url.SchemeIsBlob()) {
+    return context->SchemeShouldBypassCSP(ExtractInnerURL(url).scheme());
+  } else {
+    return context->SchemeShouldBypassCSP(url.scheme());
+  }
+}
 
 }  // namespace
 
@@ -121,6 +136,9 @@ bool ContentSecurityPolicy::Allow(const ContentSecurityPolicy& policy,
                                   bool is_redirect,
                                   CSPContext* context,
                                   const SourceLocation& source_location) {
+  if (ShouldBypassContentSecurityPolicy(context, url))
+    return true;
+
   CSPDirective::Name current_directive_name = directive_name;
   do {
     for (const CSPDirective& directive : policy.directives) {