Adding Embedding-CSP HTTP header

third_party/WebKit/Source/core/loader/FrameLoader.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights
  * reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
  * (http://www.torchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
@@ skipping 1588 matching lines @@
   NavigationType navigationType = determineNavigationType(
       type,
       frameLoadRequest.resourceRequest().httpBody() || frameLoadRequest.form(),
       frameLoadRequest.triggeringEvent());
   frameLoadRequest.resourceRequest().setRequestContext(
       determineRequestContextFromNavigationType(navigationType));
   frameLoadRequest.resourceRequest().setFrameType(
       m_frame->isMainFrame() ? WebURLRequest::FrameTypeTopLevel
                              : WebURLRequest::FrameTypeNested);
   ResourceRequest& request = frameLoadRequest.resourceRequest();
-  upgradeInsecureRequest(request, nullptr);
+
+  // Record the latest requiredCSP value that will be used when sending this request.
+  recordLatestRequiredCSP();
+  modifyRequestForCSP(request, nullptr);
   if (!shouldContinueForNavigationPolicy(
           request, frameLoadRequest.substituteData(), nullptr,
           frameLoadRequest.shouldCheckMainWorldContentSecurityPolicy(),
           navigationType, navigationPolicy,
           type == FrameLoadTypeReplaceCurrentItem,
           frameLoadRequest.clientRedirect() ==
               ClientRedirectPolicy::ClientRedirect,
           frameLoadRequest.form()))
     return;
 
@@ skipping 191 matching lines @@
 
   // FIXME: We need a way to propagate insecure requests policy flags to
   // out-of-process frames. For now, we'll always use default behavior.
   if (!parentFrame->isLocalFrame())
     return nullptr;
 
   DCHECK(toLocalFrame(parentFrame)->document());
   return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade();
 }
 
-void FrameLoader::upgradeInsecureRequest(ResourceRequest& resourceRequest,
-                                         Document* document) const {
-  // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational
-  // requests, as described in
+void FrameLoader::modifyRequestForCSP(ResourceRequest& resourceRequest,
+                                      Document* document) const {
+  if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
+      !requiredCSP().isEmpty()) {
+    DCHECK(requiredCSP());

[Mike West, 2016/10/07 12:11:59]

I was going for something more like `DCHECK(requiredCSP() does not contain crazy
characters.)`.

+    resourceRequest.setHTTPHeaderField(HTTPNames::Embedding_CSP, requiredCSP());
+  }
+
+  // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational requests, as described in
   // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect
   if (resourceRequest.frameType() != WebURLRequest::FrameTypeNone) {
     // Early return if the request has already been upgraded.
     if (resourceRequest.httpHeaderField("Upgrade-Insecure-Requests") ==
         AtomicString("1"))
       return;
 
     resourceRequest.addHTTPHeaderField("Upgrade-Insecure-Requests", "1");
   }
 
+  upgradeInsecureRequest(resourceRequest, document);
+}
+
+void FrameLoader::upgradeInsecureRequest(ResourceRequest& resourceRequest,
+                                         Document* document) const {
   KURL url = resourceRequest.url();
 
   // If we don't yet have an |m_document| (because we're loading an iframe, for
   // instance), check the FrameLoader's policy.
   WebInsecureRequestPolicy relevantPolicy =
       document ? document->getInsecureRequestPolicy()
                : getInsecureRequestPolicy();
   SecurityContext::InsecureNavigationsSet* relevantNavigationSet =
       document ? document->insecureNavigationsToUpgrade()
                : insecureNavigationsToUpgrade();
@@ skipping 12 matching lines @@
       UseCounter::count(document,
                         UseCounter::UpgradeInsecureRequestsUpgradedRequest);
       url.setProtocol("https");
       if (url.port() == 80)
         url.setPort(443);
       resourceRequest.setURL(url);
     }
   }
 }
 
+void FrameLoader::recordLatestRequiredCSP() {
+  m_requiredCSP = m_frame->owner() ? m_frame->owner()->csp() : nullAtom;
+}
+
 std::unique_ptr<TracedValue> FrameLoader::toTracedValue() const {
   std::unique_ptr<TracedValue> tracedValue = TracedValue::create();
   tracedValue->beginDictionary("frame");
   tracedValue->setString(
       "id_ref",
       String::format(
           "0x%" PRIx64,
           static_cast<uint64_t>(reinterpret_cast<uintptr_t>(m_frame.get()))));
   tracedValue->endDictionary();
   tracedValue->setBoolean("isLoadingMainFrame", isLoadingMainFrame());
   tracedValue->setString("stateMachine", m_stateMachine.toString());
   tracedValue->setString("provisionalDocumentLoaderURL",
                          m_provisionalDocumentLoader
                              ? m_provisionalDocumentLoader->url()
                              : String());
   tracedValue->setString("documentLoaderURL",
                          m_documentLoader ? m_documentLoader->url() : String());
   return tracedValue;
 }
 
 inline void FrameLoader::takeObjectSnapshot() const {
   TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this,
                                       toTracedValue());
 }
 
 }  // namespace blink