Refactor InitializeContentSecurityPolicy().

(This is a pure refactor. Changes in behavior aren't expected)

- Use early returns, it avoid using too many nested if/then/else. There
  was up to 4 level of indentation in this function.

- Remove unnecessary DCHECK. Checking a pointer to be non-null before
  dereferencing it is useless, because it would have immediately crash
  anyway.

Bug: 1001982
Change-Id: Id54de8441bb0b19b91a70d22435dff5fcd6c5260
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1806674Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#697538}

third_party/blink/renderer/core/dom/document.cc

@@ -697,44 +697,43 @@ class Document::SecurityContextInit : public FeaturePolicyParserDelegate {
         frame ? frame->Loader().GetLastOriginDocumentCSP() : nullptr;
 
     KURL url;
-    if (initializer.ShouldSetURL()) {
-      url = initializer.Url();
-      if (url.IsEmpty())
-        url = BlankURL();
-    }
-
-    if (initializer.HasSecurityContext() && !initializer.OriginToCommit() &&
-        initializer.OwnerDocument()) {
-      // Alias certain security properties from |owner_document|. Used for
-      // the case of about:blank pages inheriting the security properties of
-      //   their requestor context.
-      // Note that this is currently somewhat broken; Blink always inherits
-      // from the parent or opener, even though it should actually be
-      // inherited from the request initiator.
-      if (url.IsEmpty()) {
+    if (initializer.ShouldSetURL())
+      url = initializer.Url().IsEmpty() ? BlankURL() : initializer.Url();
+
+    // Alias certain security properties from |owner_document|. Used for the
+    // case of about:blank pages inheriting the security properties of their
+    // requestor context.
+    //
+    // Note that this is currently somewhat broken; Blink always inherits from
+    // the parent or opener, even though it should actually be inherited from
+    // the request initiator.
+    if (url.IsEmpty() && initializer.HasSecurityContext() &&
+        !initializer.OriginToCommit() && initializer.OwnerDocument()) {
       last_origin_document_csp =
           initializer.OwnerDocument()->GetContentSecurityPolicy();
     }
-    }
 
     csp_ = initializer.GetContentSecurityPolicy();
 
-    if (!csp_ && initializer.ImportsController()) {
+    if (!csp_) {
+      if (initializer.ImportsController()) {
         // If this document is an HTML import, grab a reference to its master
         // document's Content Security Policy. We don't bind the CSP's delegate
-      // in 'InitSecurityPolicy' in this case, as we can't rebind the
-      // master document's policy object: The Content Security Policy's delegate
+        // in 'InitSecurityPolicy' in this case, as we can't rebind the master
+        // document's policy object: The Content Security Policy's delegate
         // needs to remain set to the master document.
-      csp_ =
-          initializer.ImportsController()->Master()->GetContentSecurityPolicy();
-    } else {
-      if (!csp_) {
+        csp_ = initializer.ImportsController()
+                   ->Master()
+                   ->GetContentSecurityPolicy();
+        return;
+      }
+
       csp_ = MakeGarbageCollected<ContentSecurityPolicy>();
       bind_csp_immediately_ = true;
     }
 
-      // We should inherit the navigation initiator CSP if the document is
-      // loaded using a local-scheme url.
+    // We should inherit the navigation initiator CSP if the document is loaded
+    // using a local-scheme url.
     if (last_origin_document_csp &&
         (url.IsEmpty() || url.ProtocolIsAbout() || url.ProtocolIsData() ||
          url.ProtocolIs("blob") || url.ProtocolIs("filesystem"))) {
@@ -742,26 +741,25 @@ class Document::SecurityContextInit : public FeaturePolicyParserDelegate {
     }
 
     if (document_classes & kPluginDocumentClass) {
-        // TODO(andypaicu): This should inherit the origin document's plugin
-        // types but because this could be a OOPIF document it might not have
-        // access. In this situation we fallback on using the parent/opener.
       if (last_origin_document_csp) {
         csp_->CopyPluginTypesFrom(last_origin_document_csp);
-        } else if (frame) {
+        return;
+      }
+
+      // TODO(andypaicu): This should inherit the origin document's plugin types
+      // but because this could be a OOPIF document it might not have access. In
+      // this situation we fallback on using the parent/opener:
+      if (frame) {
         Frame* inherit_from = frame->Tree().Parent()
                                   ? frame->Tree().Parent()
                                   : frame->Client()->Opener();
         if (inherit_from && frame != inherit_from) {
-            DCHECK(
-                inherit_from->GetSecurityContext() &&
-                inherit_from->GetSecurityContext()->GetContentSecurityPolicy());
           csp_->CopyPluginTypesFrom(
               inherit_from->GetSecurityContext()->GetContentSecurityPolicy());
         }
       }
     }
   }
-  }
 
   void InitializeSandboxFlags(const DocumentInit& initializer) {
     sandbox_flags_ = initializer.GetSandboxFlags() | csp_->GetSandboxMask();