Replicate feature policy headers to remote frames

third_party/WebKit/Source/core/loader/FrameLoader.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights
  * reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
  * (http://www.torchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
@@ skipping 559 matching lines @@
       if (!headerContentLanguage.isEmpty()) {
         m_frame->document()->setContentLanguage(
             AtomicString(headerContentLanguage));
       }
     }
 
     OriginTrialContext::addTokensFromHeader(
         m_frame->document(),
         m_documentLoader->response().httpHeaderField(HTTPNames::Origin_Trial));
     if (RuntimeEnabledFeatures::featurePolicyEnabled()) {
-      std::unique_ptr<FeaturePolicy> featurePolicy(
-          FeaturePolicy::createFromParentPolicy(
-              (isLoadingMainFrame() ? nullptr
-                                    : m_frame->client()
-                                          ->parent()
-                                          ->securityContext()
-                                          ->getFeaturePolicy()),
-              m_frame->securityContext()->getSecurityOrigin()));
+      SecurityContext* parentSecurityContext =
+          (isLoadingMainFrame()
+               ? nullptr
+               : m_frame->client()->parent()->securityContext());
+      const String& featurePolicyHeader =
+          m_documentLoader->response().httpHeaderField(
+              HTTPNames::Feature_Policy);
       Vector<String> messages;
-      featurePolicy->setHeaderPolicy(
-          m_documentLoader->response().httpHeaderField(
-              HTTPNames::Feature_Policy),
-          messages);
+      m_frame->securityContext()->setFeaturePolicyFromHeader(

[raymes, 2016/11/21 02:17:34]

nit: since only the parent's feature policy is really needed, should we just
pass that in instead of the whole parentSecurityContext?

[iclelland, 2016/11/21 05:05:33]

Makes sense; I was thinking that methods on SecurityContext should really be
working at that level of abstraction (i.e., other SecurityContexts), but since
SC knows about FP, and provides methods to manipulate it, I don't see anything
wrong with using it as a parameter.

+          featurePolicyHeader, parentSecurityContext, &messages);
       for (auto& message : messages) {
         m_frame->document()->addConsoleMessage(ConsoleMessage::create(
             OtherMessageSource, ErrorMessageLevel,
             "Error with Feature-Policy header: " + message));
       }
-      m_frame->document()->setFeaturePolicy(std::move(featurePolicy));
+      if (client() && !featurePolicyHeader.isEmpty())

[dcheng, 2016/11/20 21:04:12]

Is this null check necessary? The frame should be attached here.

[iclelland, 2016/11/21 05:05:33]

I wasn't 100% certain that that had to be the case, so it was a sanity check for
me to ensure that it was nonnull before dereferencing it. I can easily replace
with a DCHECK, or eliminate if it's completely unnecessary.

+        client()->didSetFeaturePolicyHeader(featurePolicyHeader);
     }
   }
 
   if (m_documentLoader) {
     String referrerPolicyHeader = m_documentLoader->response().httpHeaderField(
         HTTPNames::Referrer_Policy);
     if (!referrerPolicyHeader.isNull()) {
       m_frame->document()->parseAndSetReferrerPolicy(referrerPolicyHeader);
     }
   }
@@ skipping 1343 matching lines @@
                          m_documentLoader ? m_documentLoader->url() : String());
   return tracedValue;
 }
 
 inline void FrameLoader::takeObjectSnapshot() const {
   TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this,
                                       toTracedValue());
 }
 
 }  // namespace blink