Replicate feature policy headers to remote frames

content/renderer/render_frame_impl.cc

Index: content/renderer/render_frame_impl.cc
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 1115f80527d5811b2a518473947ab65682847fd5..e83e3f4724d5df95ace2839df604a8ed1710eeb0 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -3122,6 +3122,14 @@ void RenderFrameImpl::didChangeSandboxFlags(blink::WebFrame* child_frame,
       routing_id_, GetRoutingIdForFrameOrProxy(child_frame), flags));
 }
 
+void RenderFrameImpl::didSetFeaturePolicyHeader(
+    const blink::WebString& header_value) {
+  if (!SiteIsolationPolicy::AreCrossProcessFramesPossible())
+    return;

[raymes, 2016/11/07 23:10:25]

Hmm - we will want this to be replicated to the browser even if site isolation
is disabled. Do you know if that will still happen with this check in place?
Should we remove it? alexmos@ might know.

[iclelland, 2016/11/08 03:13:41]

That's a good point - once we start using it for browser-side features /
permissions, then we will want to send this to the browser. I can remove it
here, or we can remove it later, once it's used for something other than site
isolation.

[alexmos, 2016/11/09 01:16:55]

I'd say just remove this now.  

AreCrossProcessFramesPossible would be true if any kind of OOPIF mode is active,
and it's already true for lots of canary/dev/beta users in our field trial for
--isolate-extensions.  The value of this on ToT had been true for a while; we
had to flip it to false recently but anticipate turning it back on after branch
point.

I think it's ok to just always send the IPC, as down the road, if your
browser-side code starts relying on the header and you forget to remove this,
you might have a nasty surprise if ToT value of this is |true|, but our field
trials make it |false| for some users.

On that note, if you plan to use this on the browser side, it'd be good to have
a browsertest to verify the feature_policy_header on FrameTreeNode (see the CSP
and other replication tests in SitePerProcessBrowserTest).  Probably fine if you
want to add it later though, given that you have end-to-end coverage with your
layout test.

[iclelland, 2016/11/09 18:07:59]

Done, make sense. Thanks.
Added https://bugs.chromium.org/p/chromium/issues/detail?id=663731 so it doesn't
get forgotten.

+  Send(new FrameHostMsg_DidSetFeaturePolicyHeader(
+      routing_id_, base::UTF16ToUTF8(base::StringPiece16(header_value))));
+}
+
 void RenderFrameImpl::didAddContentSecurityPolicy(
     const blink::WebString& header_value,
     blink::WebContentSecurityPolicyType type,