w3c / webappsec-csp

WebAppSec Content Security Policy
https://w3c.github.io/webappsec-csp/

Why do `base-uri` and `frame-ancestors` have different grammars? #431

Open bakkot opened 4 years ago

bakkot commented 4 years ago

The value for base-uri is a serialized-source-list, which means that, for example, base-uri 'unsafe-eval' is legal.

By contrast, the value for frame-ancestors is an ancestor-source-list, which is exactly like serialized-source-list except that it only takes hosts, schemes, 'self', or 'none'.

In both cases the only operation performed is Does url match source list in origin with redirect count?, which is only concerned with hosts, schemes, and 'self'. In neither case is there a fallback to any other directive. So why do they have different grammars?

(navigate-to similarly only cares about URLs except that it also allows 'unsafe-allow-redirects', which is technically a keyword-source, but is used only by navigate-to.)
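A small illustration of the two grammars the issue contrasts, added here as example code that belongs neither to the spec nor to the thread. It assumes a deliberately reduced approximation of the CSP3 productions (the regexes are not the spec's ABNF), and the names `classify`, `parse_source_list` and `inert_sources` are my own. It shows that `base-uri 'unsafe-eval'` parses under serialized-source-list, that the same token is rejected under ancestor-source-list, and which accepted tokens the URL-matching step never consults.

```python
import re

# Reduced versions of the CSP3 productions the issue contrasts. Assumption: an
# illustrative approximation of the spec's ABNF, not a complete CSP parser.
KEYWORD_SOURCES = {"'self'", "'unsafe-inline'", "'unsafe-eval'", "'strict-dynamic'",
                   "'unsafe-hashes'", "'report-sample'", "'unsafe-allow-redirects'"}
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)
HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
                     r"(?::(?:\d+|\*))?(?:/\S*)?$", re.I)
NONCE_HASH_RE = re.compile(r"^'(?:nonce|sha256|sha384|sha512)-[A-Za-z0-9+/_-]+=*'$")
# serialized-source-list admits every kind; ancestor-source-list only scheme, host and 'self'.
SERIALIZED_KINDS = {"scheme", "host", "keyword", "nonce-or-hash"}
ANCESTOR_KINDS = {"scheme", "host"}


def classify(expr):
    """Name the production a single source expression matches, or None if none does."""
    if expr in KEYWORD_SOURCES:
        return "keyword"
    if NONCE_HASH_RE.match(expr):
        return "nonce-or-hash"
    if SCHEME_RE.match(expr):
        return "scheme"
    if HOST_RE.match(expr):
        return "host"
    return None


def parse_source_list(value, ancestor=False):
    """Validate a directive value against serialized-source-list (default) or
    ancestor-source-list (ancestor=True). Returns [(token, kind), ...], [] for 'none',
    and raises ValueError on a token the chosen grammar does not admit."""
    tokens = value.split()
    if tokens == ["'none'"]:
        return []
    allowed, parsed = (ANCESTOR_KINDS if ancestor else SERIALIZED_KINDS), []
    for tok in tokens:
        kind = classify(tok)
        if kind not in allowed and not (ancestor and tok == "'self'"):
            raise ValueError("%r not admitted by %s-source-list"
                             % (tok, "ancestor" if ancestor else "serialized"))
        parsed.append((tok, kind))
    return parsed


def inert_sources(value):
    """Tokens of a serialized-source-list that 'Does url match source list' never consults
    (keywords other than 'self', nonces, hashes): in base-uri they parse but do nothing."""
    return [tok for tok, kind in parse_source_list(value)
            if kind == "nonce-or-hash" or (kind == "keyword" and tok != "'self'")]
```

Running `inert_sources` over a deployed base-uri value is a cheap audit step: anything it returns is accepted by the grammar but contributes nothing to enforcement.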

annevk commented 4 years ago

Are there detailed tests for this? What browsers do probably influences to what extent this can be cleaned up.

bakkot commented 4 years ago

There do not appear to be any tests for base-uri directives which contain anything other than a single fully qualified URL.

(In general the behavior for unusual CSPs is very poorly specified and even more poorly tested.)