We should probably merge
CSP: Redirects in DocumentThreadableLoader should respect the active policy.
Canary currently fails test 150 and 156 of Erlend Oftedal's "CSP Testing"
checks. Both fail because we currently only check the URL to which an XHR
connects during 'xhr.open()'. This patch adjusts the checks happening inside
DocumentThreadableLoader::redirectReceived in order to verify that the URL to
which we've been redirected passes through the page's Content Security Policy
*** This bug has been marked as a duplicate of bug 69359 ***