CSP: "local schemes" should inherit policy when embedded.
https://w3c.github.io/webappsec-csp/#initialize-document-csp mandates
that resources with "local schemes" ('data:', 'blob:', 'filesystem:',
'about:') inherit the policy of their embedding context when pulled in
via an '<iframe>'.
I'm pretty sure this worked at some point in the past, but I apparently
didn't put a test on it. It does work in Firefox. Let's match their
behavior and lock it in.
BUG=513860
R=jochen@chromium.org, dcheng@chromium.org
Review-Url: https://codereview.chromium.org/2472333003
Cr-Commit-Position: refs/heads/master@{#435165}
11 files changed
