CSP: Move parsing a document's CSP to DocumentLoader::responseReceived.

Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.cpp b/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 0bd3f7c5c038533a482dffe0c185face6641e5c1..0ab6270c3c035677ce84db640178711eabcb970d 100644
--- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -256,6 +256,15 @@ void ContentSecurityPolicy::setOverrideAllowInlineStyle(bool value)
     m_overrideInlineStyleAllowed = value;
 }
 
+void ContentSecurityPolicy::setOverrideURLForSelf(const KURL& url)
+{
+    // Create a temporary CSPSource so that 'self' expressions can be resolved before we bind to
+    // an execution context (for 'frame-ancestor' resolution, for example). This CSPSource will
+    // be overwritten when we bind this object to an execution context.
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
+    m_selfSource = adoptPtr(new CSPSource(this, origin->protocol(), origin->host(), origin->port(), String(), false, false));

[jochen (gone - plz use gerrit), 2014/09/11 12:49:44]

bool parameters? sadness...

+}
+
 const String& ContentSecurityPolicy::deprecatedHeader() const
 {
     return m_policies.isEmpty() ? emptyString() : m_policies[0]->header();
@@ -624,6 +633,10 @@ static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI
 
 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header)
 {
+    // FIXME: Support sending 'frame-ancestor' reports (which occur before we're bound to an execution context)
+    if (!m_executionContext)
+        return;
+
     // FIXME: Support sending reports from worker.
     Document* document = this->document();
     if (!document)