Use origin rather than url in CSPDirectiveList::checkAncestors.

This should make this check compatible with remote frames, which don't
have access to URLs by design.

This causes a behavioral change for sandboxed documents, which will
no longer match as they would with URLs, since their origin is unique
(assuming no allow-same-origin).  This should be ok -- see
https://github.com/w3c/webappsec/issues/311 for discussion.

BUG=582544
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review URL: https://codereview.chromium.org/1654393002

Cr-Commit-Position: refs/heads/master@{#373913}

0 files changed, 0 insertions, 0 deletions