Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl.

third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 2228 matching lines @@
     } else if (metric == "npnNegotiatedProtocol") {
         feature = UseCounter::ChromeLoadTimesNpnNegotiatedProtocol;
     } else if (metric == "wasAlternateProtocolAvailable") {
         feature = UseCounter::ChromeLoadTimesWasAlternateProtocolAvailable;
     } else if (metric == "connectionInfo") {
         feature = UseCounter::ChromeLoadTimesConnectionInfo;
     }
     UseCounter::count(frame(), feature);
 }
 
+void WebLocalFrameImpl::reportContentSecurityPolicyViolation(
+    const WebString& directiveText,
+    const WebString& effectiveDirective,
+    const WebString& consoleMessage,
+    const WebURL& blockedURL,
+    const WebVector<WebString>& reportEndpoints,
+    const WebString& header,
+    WebContentSecurityPolicyViolationType violationType,
+    bool followedRedirect)
+{
+    ContentSecurityPolicy* policy = m_frame->securityContext()->contentSecurityPolicy();
+
+    Vector<String> coreReportEndpoints;
+    coreReportEndpoints.reserveInitialCapacity(reportEndpoints.size());
+    for (const WebString& reportEndpoint : reportEndpoints) {
+        // |reportEndpoints| comes from another renderer process - restrict it
+        // to endpoints actually covered by our Content Security Policy.
+        if (policy->coversReportEndpoint(reportEndpoint))
+            coreReportEndpoints.append(reportEndpoint);
+    }
+
+    auto redirectStatus = followedRedirect
+        ? ResourceRequest::RedirectStatus::FollowedRedirect
+        : ResourceRequest::RedirectStatus::NoRedirect;
+
+    // This method has no |contextLine| parameter, because source information
+    // should not be disclosed cross-site and therefore caller of this method
+    // (by design) does not have access to the line number associated with this
+    // Content Security Policy violation.
+    int contextLine = 0;
+
+    policy->logToConsole(ConsoleMessage::create(
+        SecurityMessageSource,
+        ErrorMessageLevel,
+        consoleMessage));
+    policy->reportViolation(
+        directiveText,
+        effectiveDirective,
+        consoleMessage,
+        blockedURL,
+        coreReportEndpoints,
+        header,
+        static_cast<ContentSecurityPolicy::ViolationType>(violationType),
+        nullptr, // contextFrame
+        redirectStatus,
+        contextLine);
+}
+
 } // namespace blink