Adding Embedding-CSP HTTP header

third_party/WebKit/Source/core/loader/FrameLoader.h

Index: third_party/WebKit/Source/core/loader/FrameLoader.h
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.h b/third_party/WebKit/Source/core/loader/FrameLoader.h
index e070156784df43e27622d189da8f346faf4b1468..883fba78f443e15bd72db10621371b62facdd2a3 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.h
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.h
@@ -148,11 +148,15 @@ public:
 
     WebInsecureRequestPolicy getInsecureRequestPolicy() const;
     SecurityContext::InsecureNavigationsSet* insecureNavigationsToUpgrade() const;
-    void upgradeInsecureRequest(ResourceRequest&, Document*) const;
+    void addOutgoingSecurityHeadersAndUpgradeRequest(ResourceRequest&, Document*) const;

[Mike West, 2016/10/06 08:00:51]

How about `modifyRequestForCSP`?

 
     Frame* opener();
     void setOpener(LocalFrame*);
 
+    const AtomicString& requiredCSP() const { return m_requiredCSP; }
+    void setRequiredCSP(const AtomicString& requiredCSP) { m_requiredCSP = requiredCSP; }
+    void recordLatestRequiredCSP();
+
     void detach();
 
     void finishedParsing();
@@ -223,10 +227,13 @@ private:
 
     void detachDocumentLoader(Member<DocumentLoader>&);
 
+    void upgradeInsecureRequest(ResourceRequest&, Document*) const;
+
     std::unique_ptr<TracedValue> toTracedValue() const;
     void takeObjectSnapshot() const;
 
     Member<LocalFrame> m_frame;
+    AtomicString m_requiredCSP;
 
     // FIXME: These should be std::unique_ptr<T> to reduce build times and simplify
     // header dependencies unless performance testing proves otherwise.