Replicate Content-Security-Policy into remote frame proxies.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 37 matching lines @@
 class OrdinalNumber;
 }
 
 namespace blink {
 
 class ContentSecurityPolicyResponseHeaders;
 class ConsoleMessage;
 class CSPDirectiveList;
 class CSPSource;
 class Document;
+class FrameLoaderClient;
 class KURL;
 class ResourceRequest;
 class SecurityOrigin;
 
 typedef int SandboxFlags;
 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector;
 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector;
 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType;
 
 class CORE_EXPORT ContentSecurityPolicy : public GarbageCollectedFinalized<ContentSecurityPolicy> {
@@ skipping 67 matching lines @@
     };
 
     static ContentSecurityPolicy* create()
     {
         return new ContentSecurityPolicy();
     }
     ~ContentSecurityPolicy();
     DECLARE_TRACE();
 
     void bindToExecutionContext(ExecutionContext*);
+    void setupSelf(const SecurityOrigin&);
     void copyStateFrom(const ContentSecurityPolicy*);
     void copyPluginTypesFrom(const ContentSecurityPolicy*);
 
     void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
     void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
+    void replicateHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
+    void reportAccumulatedHeaders(FrameLoaderClient*) const;
 
     PassOwnPtr<Vector<CSPHeaderAndType>> headers() const;
 
     bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, const String& scriptContent, ReportingStatus = SendReport) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, const String& styleContent, ReportingStatus = SendReport) const;
     // When the reporting status is |SendReport|, the |ExceptionStatus|
     // should indicate whether the caller will throw a JavaScript
     // exception in the event of a violation. When the caller will throw
@@ skipping 104 matching lines @@
 
     static bool isDirectiveName(const String&);
 
     Document* document() const;
 
 private:
     ContentSecurityPolicy();
 
     void applyPolicySideEffectsToExecutionContext();
 
-    SecurityOrigin* getSecurityOrigin() const;
     KURL completeURL(const String&) const;
 
     void logToConsole(const String& message, MessageLevel = ErrorMessageLevel);
-    void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
+
+    FrameLoaderClient* frameLoaderClient() const;
+    enum FrameLoaderClientNotificationAction {

[dcheng, 2016/05/17 05:57:15]

This enum is quite a mouthful. Since the replication logic looks quite simple,
how about:

- The original logic for addPolicyFromheaderValue() goes into replicateHeader()
(or whatever you'd like to call it)
- addPolicyFromHeaderValue() just delegates to replicateHeader(), and always
calls FrameLoaderClient::didAddContentSecurityPolicy(...)

[Łukasz Anforowicz, 2016/05/17 17:01:23]

Done.

After the changes the check "if this is a report-only header inside a <meta>
element, bail out" happens *after* notifying FrameLoaderClient, but this should
be okay (the check will happen again when replicating so the incorrect header
will still get filtered out + the extra header in FrameReplicationState should
be rare).  I guess I could report success-vs-failure from
addPolicyFromHeaderValue and only notify FrameLoaderClient upon success (but
then this would require introducing a success-or-failure enum?  couldn't find a
generic one in Blink).

+        NotifyFrameLoaderClient,
+        DontNotifyFrameLoaderClient,
+    };
+    void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource, FrameLoaderClientNotificationAction = NotifyFrameLoaderClient);
 
     bool shouldSendViolationReport(const String&) const;
     void didSendViolationReport(const String&);
 
     Member<ExecutionContext> m_executionContext;
     bool m_overrideInlineStyleAllowed;
     CSPDirectiveListVector m_policies;
     ConsoleMessageVector m_consoleMessages;
 
     HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
@@ skipping 12 matching lines @@
     String m_disableEvalErrorMessage;
     SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy;
 
     Member<CSPSource> m_selfSource;
     String m_selfProtocol;
 };
 
 } // namespace blink
 
 #endif