Commit bda8cd8a authored by mkwst@chromium.org

CSP: Suppress violation reports for extension resources.

We should never get to a point where a `chrome-extension:` resource
shows up in the stack trace for a blocked resource. That said, we're
apparently hitting that scenario somewhat often.

This patch at least ensures that our brokenness isn't spamming reporting
endpoints, and revealing the extensions that users have installed to the
site owners.

BUG=524356

Review URL: https://codereview.chromium.org/1302363004

git-svn-id: svn://svn.chromium.org/blink/trunk@201969 bbb929c8-8fbe-4397-9dbb-9b2b20218538
parent 71fc1f73
...@@ -752,6 +752,13 @@ void ContentSecurityPolicy::reportViolation(const String& directiveText, const S ...@@ -752,6 +752,13 @@ void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
if (reportEndpoints.isEmpty()) if (reportEndpoints.isEmpty())
return; return;
// TODO(mkwst): Obviously, we shouldn't hit this check, as extension-loaded
// resources should be allowed regardless. We apparently do, however, so
// we should at least stop spamming reporting endpoints. See
// https://crbug.com/524356 for detail.
if (!violationData.sourceFile().isEmpty() && SchemeRegistry::schemeShouldBypassContentSecurityPolicy(KURL(ParsedURLString, violationData.sourceFile()).protocol()))
return;
// We need to be careful here when deciding what information to send to the // We need to be careful here when deciding what information to send to the
// report-uri. Currently, we send only the current document's URL and the // report-uri. Currently, we send only the current document's URL and the
// directive that was violated. The document's URL is safe to send because // directive that was violated. The document's URL is safe to send because
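Review bot: the new early return keys only on `violationData.sourceFile()`, so a violation whose top-of-stack source file is a page script is still reported even if a `chrome-extension:` resource appears deeper in the stack that the commit message mentions; the TODO should state that scope so the limitation is documented, and a layout test asserting that a violation with a `chrome-extension:` source file sends no report would pin the behaviour. It is also worth a one-line comment that the guard deliberately sits after the `reportEndpoints.isEmpty()` return, since the extra `KURL(ParsedURLString, ...)` parse is only needed when a report would actually be sent, and that an unparsable `sourceFile()` yields a protocol the registry does not recognise and therefore falls through to normal reporting.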
......