Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl.

content/common/frame_messages.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // IPC messages for interacting with frames.
 // Multiply-included message file, hence no include guard.
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <map>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "build/build_config.h"
 #include "cc/surfaces/surface_id.h"
 #include "cc/surfaces/surface_sequence.h"
 #include "content/common/content_export.h"
 #include "content/common/content_param_traits.h"
-#include "content/common/content_security_policy_header.h"
+#include "content/common/content_security_policy_structs.h"
 #include "content/common/frame_message_enums.h"
 #include "content/common/frame_owner_properties.h"
 #include "content/common/frame_replication_state.h"
 #include "content/common/navigation_gesture.h"
 #include "content/common/navigation_params.h"
 #include "content/common/savable_subframe.h"
 #include "content/public/common/color_suggestion.h"
 #include "content/public/common/common_param_traits.h"
 #include "content/public/common/console_message_level.h"
 #include "content/public/common/context_menu_params.h"
@@ skipping 518 matching lines @@
 
 IPC_STRUCT_BEGIN(FrameHostMsg_CreateChildFrame_Params)
   IPC_STRUCT_MEMBER(int32_t, parent_routing_id)
   IPC_STRUCT_MEMBER(blink::WebTreeScopeType, scope)
   IPC_STRUCT_MEMBER(std::string, frame_name)
   IPC_STRUCT_MEMBER(std::string, frame_unique_name)
   IPC_STRUCT_MEMBER(blink::WebSandboxFlags, sandbox_flags)
   IPC_STRUCT_MEMBER(content::FrameOwnerProperties, frame_owner_properties)
 IPC_STRUCT_END()
 
+IPC_STRUCT_TRAITS_BEGIN(content::ContentSecurityPolicyViolation)
+  IPC_STRUCT_TRAITS_MEMBER(directive_text)
+  IPC_STRUCT_TRAITS_MEMBER(effective_directive)
+  IPC_STRUCT_TRAITS_MEMBER(console_message)
+  IPC_STRUCT_TRAITS_MEMBER(blocked_url)
+  IPC_STRUCT_TRAITS_MEMBER(header)

[alexmos, 2016/08/09 18:01:19]

Does |report_endpoints| also need to be here?

[Łukasz Anforowicz, 2016/08/09 22:23:20]

Ooops.  Thanks for catching this.  Done.

+  IPC_STRUCT_TRAITS_MEMBER(violation_type)
+  IPC_STRUCT_TRAITS_MEMBER(followed_redirect)
+IPC_STRUCT_TRAITS_END()
+
 IPC_STRUCT_TRAITS_BEGIN(content::ContentSecurityPolicyHeader)
   IPC_STRUCT_TRAITS_MEMBER(header_value)
   IPC_STRUCT_TRAITS_MEMBER(type)
   IPC_STRUCT_TRAITS_MEMBER(source)
 IPC_STRUCT_TRAITS_END()
 
 IPC_STRUCT_TRAITS_BEGIN(content::FileChooserFileInfo)
   IPC_STRUCT_TRAITS_MEMBER(file_path)
   IPC_STRUCT_TRAITS_MEMBER(display_name)
   IPC_STRUCT_TRAITS_MEMBER(file_system_url)
@@ skipping 234 matching lines @@
                     std::string /* name */,
                     std::string /* unique_name */)
 
 // Updates replicated ContentSecurityPolicy in a frame proxy.
 IPC_MESSAGE_ROUTED1(FrameMsg_AddContentSecurityPolicy,
                     content::ContentSecurityPolicyHeader)
 
 // Resets ContentSecurityPolicy in a frame proxy / in RemoteSecurityContext.
 IPC_MESSAGE_ROUTED0(FrameMsg_ResetContentSecurityPolicy)
 
+// Reports Content Security Policy violation from within the target frame.

[alexmos, 2016/08/09 18:01:19]

I was a bit confused by what "from within the target frame" means.   Maybe just
unify with next sentence into something like "Reports a CSP violation that was
triggered in another process"?  Also, maybe explicitly mention frame-src, so one
can quickly get an idea of which directives this is for?

[Łukasz Anforowicz, 2016/08/09 22:23:20]

Done (I think).

+// This is useful if the CSP violation has been detected in another process
+// (e.g. in another renderer process - https://crbug.com/611232 or [in the
+// future] in the browser process - https://crbug.com/376522).  In this case
+// we need to notify the frame where Content Security Policy originated from
+// so that *this* frame can raise SecurityPolicyViolationEvent event (and do

[alexmos, 2016/08/09 18:01:19]

nit: I'd remove the parens and simplify their contents to just "and finish
reporting the violation". 

[Łukasz Anforowicz, 2016/08/09 22:23:20]

Done.

+// other things needed to finish reporting the violation).
+IPC_MESSAGE_ROUTED1(FrameMsg_ReportContentSecurityPolicyViolation,
+                    content::ContentSecurityPolicyViolation)
+
 // Update a proxy's replicated enforcement of insecure request policy.
 // Used when the frame's policy is changed in another process.
 IPC_MESSAGE_ROUTED1(FrameMsg_EnforceInsecureRequestPolicy,
                     blink::WebInsecureRequestPolicy)
 
 // Update a proxy's replicated origin.  Used when the frame is navigated to a
 // new origin.
 IPC_MESSAGE_ROUTED2(FrameMsg_DidUpdateOrigin,
                     url::Origin /* origin */,
                     bool /* is potentially trustworthy unique origin */)
@@ skipping 231 matching lines @@
 
 // Notifies the browser process about a new Content Security Policy that needs
 // to be applies to the frame.  This message is sent when a frame commits
 // navigation to a new location (reporting accumulated policies from HTTP
 // headers and/or policies that might have been inherited from the parent frame)
 // or when a new policy has been discovered afterwards (i.e. found in a
 // dynamically added or a static <meta> element).
 IPC_MESSAGE_ROUTED1(FrameHostMsg_DidAddContentSecurityPolicy,
                     content::ContentSecurityPolicyHeader)
 
+// Asks the browser to forward a Content Security Policy violation from a frame
+// proxy to the real frame.  See also
+// FrameMsg_ReportContentSecurityPolicyViolation.
+IPC_MESSAGE_ROUTED1(FrameHostMsg_ForwardContentSecurityPolicyViolation,
+                    content::ContentSecurityPolicyViolation)
+
 // Sent when the frame starts enforcing an insecure request policy. Sending
 // this information in DidCommitProvisionalLoad isn't sufficient; this
 // message is needed because, for example, a document can dynamically insert
 // a <meta> tag that causes strict mixed content checking to be enforced.
 IPC_MESSAGE_ROUTED1(FrameHostMsg_EnforceInsecureRequestPolicy,
                     blink::WebInsecureRequestPolicy)
 
 // Sent when the frame is set to a unique origin. TODO(estark): this IPC
 // only exists to support dynamic sandboxing via a CSP delivered in a
 // <meta> tag. This is not supposed to be allowed per the CSP spec and
@@ skipping 493 matching lines @@
 // nearest find result in the sending frame.
 IPC_MESSAGE_ROUTED2(FrameHostMsg_GetNearestFindResult_Reply,
                     int /* nfr_request_id */,
                     float /* distance */)
 #endif
 
 // Adding a new message? Stick to the sort order above: first platform
 // independent FrameMsg, then ifdefs for platform specific FrameMsg, then
 // platform independent FrameHostMsg, then ifdefs for platform specific
 // FrameHostMsg.