Replicate Content-Security-Policy into remote frame proxies.

content/browser/frame_host/render_frame_host_manager.cc

Index: content/browser/frame_host/render_frame_host_manager.cc
diff --git a/content/browser/frame_host/render_frame_host_manager.cc b/content/browser/frame_host/render_frame_host_manager.cc
index 58c17d54c34798e0e070878e4e572a594f41a3a3..9807b993dff696292d571e358668d5d57d2676f2 100644
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -937,6 +937,21 @@ void RenderFrameHostManager::OnDidUpdateName(const std::string& name,
   }
 }
 
+void RenderFrameHostManager::OnDidAddContentSecurityPolicy(
+    const ContentSecurityPolicyHeader& header) {
+  for (const auto& pair : proxy_hosts_) {

[alexmos, 2016/05/11 19:46:40]

Should we return early if AreCrossProcessFramesPossible() is false, similarly to
functions above? (It would only be sending updates to popups/openers in other
FrameTrees in that case, which don't need CSP replication.)  

This is minor though, as AreCrossProcessFramesPossible will be true once we ship
--isolate-extensions.  Also, perhaps this should really replicate only to
proxies in the same FrameTree, but probably no need to do it in this CL, as this
also applies for a few other functions here.

[Łukasz Anforowicz, 2016/05/11 23:14:47]

Done.  I've also added this to RenderFrameImpl::didAddContentSecurityPolicy to
avoid unnecessary IPC when there are no RenderFrameProxies possible.
I don't understand - I thought that RenderFrameHostManager manages
RenderFrameHost + RenderFrameProxyHosts for a single frame (and doesn't know
about other frames, or frames from another frame tree).
Ack.

[alexmos, 2016/05/12 22:37:24]

The proxy_hosts_ for this node (the node with updated CSP), will have proxies
for all SiteInstances that can reach this frame.  This includes all
SiteInstances for cross-site frames in the same FrameTree, but might also
include SiteInstances of frames from other FrameTrees (e.g., those that might
reach this frame via window.opener, or from a window.open reference, or via
window.open("","foo")).  So if we have A-embed-B-embed-C, and C opens a popup D,
C's RFHM will have proxy_hosts_ for {A,B,D}.  What I meant was that there's no
need to replicate CSP to D, since things like frame-src or child-src don't apply
across popups.  (We already do something like this in
FrameTree::SetFocusedFrame, with CollectSiteInstances.)

[Łukasz Anforowicz, 2016/05/13 17:29:15]

Thank you for the explanation - I think I got it now.

As you say - we might want to do this in a separate CL (because it applies to
other things here + because hopefully this code will be short-lived and replaced
with browser-side checks).

+    pair.second->Send(new FrameMsg_AddContentSecurityPolicy(
+        pair.second->GetRoutingID(), header));
+  }
+}
+
+void RenderFrameHostManager::OnDidResetContentSecurityPolicy() {
+  for (const auto& pair : proxy_hosts_) {
+    pair.second->Send(
+        new FrameMsg_ResetContentSecurityPolicy(pair.second->GetRoutingID()));
+  }
+}
+
 void RenderFrameHostManager::OnEnforceStrictMixedContentChecking(
     bool should_enforce) {
   if (!SiteIsolationPolicy::AreCrossProcessFramesPossible())