Replicate Content-Security-Policy into remote frame proxies.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 950512fc3bd9385c4a1d926f40470d5a51b68772..cb7e8066af84b847e82f0b50740f542e8fa4ea11 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -31,6 +31,7 @@
 #include "core/dom/Document.h"
 #include "core/dom/SandboxFlags.h"
 #include "core/events/SecurityPolicyViolationEvent.h"
+#include "core/frame/FrameClient.h"
 #include "core/frame/LocalDOMWindow.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/UseCounter.h"
@@ -42,6 +43,7 @@
 #include "core/inspector/ConsoleMessage.h"
 #include "core/inspector/InspectorInstrumentation.h"
 #include "core/loader/DocumentLoader.h"
+#include "core/loader/FrameLoaderClient.h"
 #include "core/loader/PingLoader.h"
 #include "platform/JSONValues.h"
 #include "platform/ParsingUtilities.h"
@@ -157,13 +159,20 @@ void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo
     applyPolicySideEffectsToExecutionContext();
 }
 
+void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin)
+{
+    // Ensure that 'self' processes correctly.
+    m_selfProtocol = securityOrigin.protocol();
+    m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), securityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard);
+}
+
 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
 {
     ASSERT(m_executionContext);
-    ASSERT(getSecurityOrigin());
-    // Ensure that 'self' processes correctly.
-    m_selfProtocol = getSecurityOrigin()->protocol();
-    m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host(), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard);
+
+    SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSecurityOrigin();
+    ASSERT(securityOrigin);
+    setupSelf(*securityOrigin);
 
     if (didSetReferrerPolicy())
         m_executionContext->setReferrerPolicy(m_referrerPolicy);
@@ -182,8 +191,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
         if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade) {
             UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabled);
             document->setInsecureRequestsPolicy(m_insecureRequestsPolicy);
-            if (!getSecurityOrigin()->host().isNull())
-                document->addInsecureNavigationUpgrade(getSecurityOrigin()->host().impl()->hash());
+            if (!securityOrigin->host().isNull())
+                document->addInsecureNavigationUpgrade(securityOrigin->host().impl()->hash());
         }
 
         for (const auto& consoleMessage : m_consoleMessages)
@@ -255,7 +264,12 @@ void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri
         applyPolicySideEffectsToExecutionContext();
 }
 
-void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
+void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
+{
+    addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient);
+}
+
+void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, FrameLoaderClientNotificationStatus notificationStatus)

[alexmos, 2016/05/12 22:37:25]

nit: maybe "action" instead of "status"?  

[Łukasz Anforowicz, 2016/05/13 17:29:15]

Done.

 {
     // If this is a report-only header inside a <meta> element, bail out.
     if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecurityPolicyHeaderTypeReport) {
@@ -263,6 +277,15 @@ void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte
         return;
     }
 
+    // Notify about the new header, so that it can be reported back to the
+    // browser process.  This is needed in order to:
+    // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / short-term).
+    // 2) enforce CSP in the browser (not yet / long-term - see https://crbug.com/376522).

[alexmos, 2016/05/12 22:37:25]

nit: s/browser/browser process/

[Łukasz Anforowicz, 2016/05/13 17:29:15]

Done.

+    if (notificationStatus == NotifyFrameLoaderClient && document() && document()->frame()) {
+        static_cast<FrameLoaderClient*>(document()->frame()->client())
+            ->didAddContentSecurityPolicy(header, type, source);
+    }
+
     Vector<UChar> characters;
     header.appendTo(characters);
 
@@ -710,11 +733,6 @@ bool ContentSecurityPolicy::didSetReferrerPolicy() const
     return false;
 }
 
-SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const
-{
-    return m_executionContext->securityContext().getSecurityOrigin();
-}
-
 const KURL ContentSecurityPolicy::url() const
 {
     return m_executionContext->contextURL();
@@ -796,6 +814,15 @@ static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI
 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType violationType, LocalFrame* contextFrame)
 {
     ASSERT(violationType == URLViolation || blockedURL.isEmpty());
+
+    // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/611232
+    // (or move CSP child-src and frame-src checks to the browser - https://crbug.com/376522).

[alexmos, 2016/05/12 22:37:24]

nit: s/browser/browser process/

[Łukasz Anforowicz, 2016/05/13 17:29:15]

Done.

+    if (!m_executionContext && !contextFrame) {
+        ASSERT(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc)
+            || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc));
+        return;
+    }
+
     ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame));
 
     // FIXME: Support sending reports from worker.