Replicate feature policy headers to remote frames

content/renderer/render_frame_proxy.cc

Index: content/renderer/render_frame_proxy.cc
diff --git a/content/renderer/render_frame_proxy.cc b/content/renderer/render_frame_proxy.cc
index 8f429c68c4b94f2e76c960d3842550098535b48f..6e02e0173d20b8dad58099ccbb91057f3e980a33 100644
--- a/content/renderer/render_frame_proxy.cc
+++ b/content/renderer/render_frame_proxy.cc
@@ -226,6 +226,10 @@ void RenderFrameProxy::SetReplicatedState(const FrameReplicationState& state) {
   web_frame_->setReplicatedInsecureRequestPolicy(state.insecure_request_policy);
   web_frame_->setReplicatedPotentiallyTrustworthyUniqueOrigin(
       state.has_potentially_trustworthy_unique_origin);
+  web_frame_->resetReplicatedContentSecurityPolicy();

[raymes, 2016/11/07 02:16:01]

This calls the wrong thing by the looks of it!

[iclelland, 2016/11/07 03:37:03]

Quite likely :) This is all very very WIP; not nearly ready for review. I wanted
to make sure you were aware of the space I'd been working in, so we didn't
duplicate efforts.

+  for (const auto& header : state.feature_policy_headers)
+    web_frame_->addReplicatedFeaturePolicyHeader(

[raymes, 2016/11/07 02:16:01]

Similarly here, I think we could just get rid of the array and do
setReplicatedFeaturePolicyHeader rather than addReplicatedFeaturePolicyHeader.

The same in all the other places where we have add (as opposed to set).

If we're able to do that then reset probably is unnecessary

[iclelland, 2016/11/07 03:37:03]

Agreed. Since the headers are already fully received and combined by this point,
there's no need for the vector.

+        blink::WebString::fromUTF8(header));
 
   web_frame_->resetReplicatedContentSecurityPolicy();
   for (const auto& header : state.accumulated_csp_headers)