Implement CSP check for manifest fetching

Source/core/fetch/ResourceFetcher.cpp

Index: Source/core/fetch/ResourceFetcher.cpp
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
index 73149d0feafa4792027a8cfae678c90ff5413ecf..2436d8d86fb0904e0c23caa459eea4274610ee08 100644
--- a/Source/core/fetch/ResourceFetcher.cpp
+++ b/Source/core/fetch/ResourceFetcher.cpp
@@ -555,6 +555,12 @@ bool ResourceFetcher::canRequest(Resource::Type type, const ResourceRequest& res
             return false;
     }
 
+    // FIXME(mkwst): Make sure that CSP uses RequestContext instead of this terrible Resource::Type enum.

[Mike West, 2014/09/16 11:46:20]

Nit: We don't generally do the (<nick>) thing in Blink. Please just link to
http://crbug.com/390497 instead... bugs usually live longer than contributors.
:)

+    if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifest) {
+        if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, cspReporting))
+            return false;
+    }
+
     // Last of all, check for mixed content. We do this last so that when
     // folks block mixed content with a CSP policy, they don't get a warning.
     // They'll still get a warning in the console about CSP blocking the load.