Replicate Content-Security-Policy into remote frame proxies.

third_party/WebKit/public/web/WebFrameClient.h

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 39 matching lines @@
 #include "public/platform/WebEffectiveConnectionType.h"
 #include "public/platform/WebFileSystem.h"
 #include "public/platform/WebFileSystemType.h"
 #include "public/platform/WebLoadingBehaviorFlag.h"
 #include "public/platform/WebSecurityOrigin.h"
 #include "public/platform/WebSetSinkIdCallbacks.h"
 #include "public/platform/WebStorageQuotaCallbacks.h"
 #include "public/platform/WebStorageQuotaType.h"
 #include "public/platform/WebURLError.h"
 #include "public/platform/WebURLRequest.h"
+#include "public/web/WebContentSecurityPolicy.h"
 #include <v8.h>
 
 namespace blink {
 
 enum class WebTreeScopeType;
 class ServiceRegistry;
 class WebApplicationCacheHost;
 class WebApplicationCacheHostClient;
 class WebAppBannerClient;
 class WebBluetooth;
@@ skipping 120 matching lines @@
     // considered potentially trustworthy if
     // |isPotentiallyTrustworthyUniqueOrigin| is true. TODO(estark):
     // this method only exists to support dynamic sandboxing via a CSP
     // delivered in a <meta> tag. This is not supposed to be allowed per
     // the CSP spec and should be ripped out. https://crbug.com/594645
     virtual void didUpdateToUniqueOrigin(bool isPotentiallyTrustworthyUniqueOrigin) {}
 
     // The sandbox flags have changed for a child frame of this frame.
     virtual void didChangeSandboxFlags(WebFrame* childFrame, WebSandboxFlags flags) { }
 
+    // Called when a new Content Security Policy is added to the frame's
+    // document.  This can be triggered by handling of HTTP headers, handling
+    // of <meta> element, or by inheriting CSP from the parent (in case of
+    // about:blank).
+    virtual void didAddContentSecurityPolicy(const WebString& headerValue, WebContentSecurityPolicyType, WebContentSecurityPolicySource) { }
+
     // Some frame owner properties have changed for a child frame of this frame.
     // Frame owner properties currently include: scrolling, marginwidth and
     // marginheight.
     virtual void didChangeFrameOwnerProperties(WebFrame* childFrame, const WebFrameOwnerProperties&) { }
 
     // Called when a watched CSS selector matches or stops matching.
     virtual void didMatchCSS(WebLocalFrame*, const WebVector<WebString>& newlyMatchingSelectors, const WebVector<WebString>& stoppedMatchingSelectors) { }
 
 
     // Console messages ----------------------------------------------------
@@ skipping 501 matching lines @@
     // Mojo ----------------------------------------------------------------
     virtual ServiceRegistry* serviceRegistry() { return nullptr; }
 
 protected:
     virtual ~WebFrameClient() { }
 };
 
 } // namespace blink
 
 #endif