Implement CSP check for manifest fetching

Source/core/fetch/ResourceFetcher.cpp

Index: Source/core/fetch/ResourceFetcher.cpp
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
index 1b338d08ad250a1ff8457c470e53e9344db84ca4..f40e0523ced1335dede8d56a5ff17db3f2a1a641 100644
--- a/Source/core/fetch/ResourceFetcher.cpp
+++ b/Source/core/fetch/ResourceFetcher.cpp
@@ -557,6 +557,12 @@ bool ResourceFetcher::canRequest(Resource::Type type, const ResourceRequest& res
             return false;
     }
 
+    // FIXME(http://crbug.com/390497): Make sure that CSP uses RequestContext instead of this terrible Resource::Type enum.

[Mike West, 2014/09/29 11:00:46]

Nit: Can you change this to something like "FIXME: Once we use RequestContext
for CSP ([bug link]), remove this extra check."?

+    if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifest) {
+        if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, cspReporting))
+            return false;
+    }
+
     // Measure the number of legacy URL schemes ('ftp://') and the number of embedded-credential
     // ('http://user:password@...') resources embedded as subresources. in the hopes that we can
     // block them at some point in the future.