CSP: Change 'self' to ask the policy object whether a URL matches.

CSP: Change 'self' to ask the policy object whether a URL matches.

Currently, when CSPSourceList encounters "'self'" in a source list, it
creates a CSPSource using the currently available SecurityOrigin. If
we want to be able to create CSP objects before documents are available
(to support `frame-ancestors` for instance), we need to break this
dependency.

This patch adjusts CSPSourceList to ask the policy object whether a URL
matches self, and the policy object to store a replacable CSPSource
object that could be swapped out if the SecurityOrigin changes.

BUG=411889
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=181629

[Mike West, 2014-09-08 13:42:17]

mkwst@chromium.org changed reviewers:
+ jochen@chromium.org

[Mike West, 2014-09-08 13:42:18]

Mind taking a look at this patch, Jochen? Hopefully the description is
descriptive enough. :)

[jochen (gone - plz use gerrit), 2014-09-09 08:11:15]

lgtm

https://codereview.chromium.org/549163003/diff/1/Source/core/frame/csp/Conten...
File Source/core/frame/csp/ContentSecurityPolicy.cpp (right):

https://codereview.chromium.org/549163003/diff/1/Source/core/frame/csp/Conten...
Source/core/frame/csp/ContentSecurityPolicy.cpp:785: return
url.protocolIs("http") || url.protocolIs("https");
isn't there some protocolIsInHTTPFamily() method?

[Mike West, 2014-09-09 08:58:28]

The CQ bit was checked by mkwst@chromium.org

[commit-bot: I haz the power, 2014-09-09 08:59:20]

CQ is trying da patch. Follow status at
 https://chromium-status.appspot.com/cq/mkwst@chromium.org/549163003/20001

[Mike West, 2014-09-09 08:59:30]

Yup, changed to use that method, thanks!

[commit-bot: I haz the power, 2014-09-09 10:03:01]

Committed patchset #2 (id:20001) as 181629