CORS-RFC1918: Introduce 'treat-as-public-address' CSP directive

As defined at, this CSP
directive allows a document to drop any "external request" privileges it
might have based on the IP address from which it was served. This flag
isn't used yet, but will be once we start teaching the various loaders
about the joys and sorrows of external requests.


Review URL:

Cr-Commit-Position: refs/heads/master@{#378735}
5 files changed