definitions of ancestor-source differ between documents

[kgoess]

Note the difference:

https://www.w3.org/TR/CSP2/#directive-frame-ancestors says

 ancestor-source      = scheme-source / host-source

https://w3c.github.io/webappsec-csp/#grammardef-ancestor-source-list says

ancestor-source      = scheme-source / host-source / "'self'"

The "self" is kind of an important omission on the first document.

[annevk]

CSP2 is no longer maintained and cannot be updated in place. Although maybe there's a possibility of adding a warning to the document about its status.