Implement CSP check for manifest fetching

Source/core/frame/csp/ContentSecurityPolicy.h

Index: Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
index 925200321cbf5aedda5f51a009f737804b352101..fbeb52a2535f1ab1cbfbb4d9bd6f098648c57bef 100644
--- a/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -86,6 +86,10 @@ public:
     static const char ReflectedXSS[];
     static const char Referrer[];
 
+    // Manifest Directives (to be merged into CSP 1.1)

[Mike West, 2014/09/29 11:00:46]

Nit: Can you change this and line 80 to refer to "CSP Level 2"? We changed the
versioning.

+    // https://w3c.github.io/manifest/#content-security-policy
+    static const char ManifestSrc[];
+
     enum ReportingStatus {
         SendReport,
         SuppressReport
@@ -129,6 +133,8 @@ public:
     bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
 
+    bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) const;
+
     // The nonce and hash allow functions are guaranteed to not have any side
     // effects, including reporting.
     // Nonce/Hash functions check all policies relating to use of a script/style