Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl.

content/common/frame_messages.h

Index: content/common/frame_messages.h
diff --git a/content/common/frame_messages.h b/content/common/frame_messages.h
index c1b4fd4cfe84884739bc761d435aa1da53f238bf..71a83d144262b2d0f431dd91861ec528cdeb04fe 100644
--- a/content/common/frame_messages.h
+++ b/content/common/frame_messages.h
@@ -18,7 +18,7 @@
 #include "cc/surfaces/surface_sequence.h"
 #include "content/common/content_export.h"
 #include "content/common/content_param_traits.h"
-#include "content/common/content_security_policy_header.h"
+#include "content/common/content_security_policy_structs.h"
 #include "content/common/frame_message_enums.h"
 #include "content/common/frame_owner_properties.h"
 #include "content/common/frame_replication_state.h"
@@ -557,6 +557,16 @@ IPC_STRUCT_BEGIN(FrameHostMsg_CreateChildFrame_Params)
   IPC_STRUCT_MEMBER(content::FrameOwnerProperties, frame_owner_properties)
 IPC_STRUCT_END()
 
+IPC_STRUCT_TRAITS_BEGIN(content::ContentSecurityPolicyViolation)
+  IPC_STRUCT_TRAITS_MEMBER(directive_text)
+  IPC_STRUCT_TRAITS_MEMBER(effective_directive)
+  IPC_STRUCT_TRAITS_MEMBER(console_message)
+  IPC_STRUCT_TRAITS_MEMBER(blocked_url)
+  IPC_STRUCT_TRAITS_MEMBER(header)

[alexmos, 2016/08/09 18:01:19]

Does |report_endpoints| also need to be here?

[Łukasz Anforowicz, 2016/08/09 22:23:20]

Ooops.  Thanks for catching this.  Done.

+  IPC_STRUCT_TRAITS_MEMBER(violation_type)
+  IPC_STRUCT_TRAITS_MEMBER(followed_redirect)
+IPC_STRUCT_TRAITS_END()
+
 IPC_STRUCT_TRAITS_BEGIN(content::ContentSecurityPolicyHeader)
   IPC_STRUCT_TRAITS_MEMBER(header_value)
   IPC_STRUCT_TRAITS_MEMBER(type)
@@ -811,6 +821,16 @@ IPC_MESSAGE_ROUTED1(FrameMsg_AddContentSecurityPolicy,
 // Resets ContentSecurityPolicy in a frame proxy / in RemoteSecurityContext.
 IPC_MESSAGE_ROUTED0(FrameMsg_ResetContentSecurityPolicy)
 
+// Reports Content Security Policy violation from within the target frame.

[alexmos, 2016/08/09 18:01:19]

I was a bit confused by what "from within the target frame" means.   Maybe just
unify with next sentence into something like "Reports a CSP violation that was
triggered in another process"?  Also, maybe explicitly mention frame-src, so one
can quickly get an idea of which directives this is for?

[Łukasz Anforowicz, 2016/08/09 22:23:20]

Done (I think).

+// This is useful if the CSP violation has been detected in another process
+// (e.g. in another renderer process - https://crbug.com/611232 or [in the
+// future] in the browser process - https://crbug.com/376522).  In this case
+// we need to notify the frame where Content Security Policy originated from
+// so that *this* frame can raise SecurityPolicyViolationEvent event (and do

[alexmos, 2016/08/09 18:01:19]

nit: I'd remove the parens and simplify their contents to just "and finish
reporting the violation". 

[Łukasz Anforowicz, 2016/08/09 22:23:20]

Done.

+// other things needed to finish reporting the violation).
+IPC_MESSAGE_ROUTED1(FrameMsg_ReportContentSecurityPolicyViolation,
+                    content::ContentSecurityPolicyViolation)
+
 // Update a proxy's replicated enforcement of insecure request policy.
 // Used when the frame's policy is changed in another process.
 IPC_MESSAGE_ROUTED1(FrameMsg_EnforceInsecureRequestPolicy,
@@ -1062,6 +1082,12 @@ IPC_MESSAGE_ROUTED2(FrameHostMsg_DidChangeName,
 IPC_MESSAGE_ROUTED1(FrameHostMsg_DidAddContentSecurityPolicy,
                     content::ContentSecurityPolicyHeader)
 
+// Asks the browser to forward a Content Security Policy violation from a frame
+// proxy to the real frame.  See also
+// FrameMsg_ReportContentSecurityPolicyViolation.
+IPC_MESSAGE_ROUTED1(FrameHostMsg_ForwardContentSecurityPolicyViolation,
+                    content::ContentSecurityPolicyViolation)
+
 // Sent when the frame starts enforcing an insecure request policy. Sending
 // this information in DidCommitProvisionalLoad isn't sufficient; this
 // message is needed because, for example, a document can dynamically insert