Upgrade Insecure Requests: bugfixes, tests, and support for OOPIF.

content/common/frame_messages.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // IPC messages for interacting with frames.
 // Multiply-included message file, hence no include guard.
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ skipping 271 matching lines @@
   // How navigation metrics starting on UI action for this load should be
   // reported.
   IPC_STRUCT_MEMBER(FrameMsg_UILoadMetricsReportType::Value, report_type)
 
   // Timestamp at which the UI action that triggered the navigation originated.
   IPC_STRUCT_MEMBER(base::TimeTicks, ui_timestamp)
 
   // The insecure request policy the document for the load is enforcing.
   IPC_STRUCT_MEMBER(blink::WebInsecureRequestPolicy, insecure_request_policy)
 
+  // The upgrade insecure navigations set the document for the load is
+  // enforcing.
+  IPC_STRUCT_MEMBER(std::vector<uint32_t>, insecure_navigations_set)
+
   // True if the document for the load is a unique origin that should be
   // considered potentially trustworthy.
   IPC_STRUCT_MEMBER(bool, has_potentially_trustworthy_unique_origin)
 
   // See WebSearchableFormData for a description of these.
   // Not used by PlzNavigate: in that case these fields are sent to the browser
   // in BeginNavigationParams.
   IPC_STRUCT_MEMBER(GURL, searchable_form_url)
   IPC_STRUCT_MEMBER(std::string, searchable_form_encoding)
 IPC_STRUCT_END()
@@ skipping 96 matching lines @@
 
 IPC_STRUCT_TRAITS_BEGIN(content::FrameReplicationState)
   IPC_STRUCT_TRAITS_MEMBER(origin)
   IPC_STRUCT_TRAITS_MEMBER(sandbox_flags)
   IPC_STRUCT_TRAITS_MEMBER(name)
   IPC_STRUCT_TRAITS_MEMBER(unique_name)
   IPC_STRUCT_TRAITS_MEMBER(feature_policy_header)
   IPC_STRUCT_TRAITS_MEMBER(accumulated_csp_headers)
   IPC_STRUCT_TRAITS_MEMBER(scope)
   IPC_STRUCT_TRAITS_MEMBER(insecure_request_policy)
+  IPC_STRUCT_TRAITS_MEMBER(insecure_navigations_set)
   IPC_STRUCT_TRAITS_MEMBER(has_potentially_trustworthy_unique_origin)
 IPC_STRUCT_TRAITS_END()
 
 // Parameters included with an OpenURL request.
 // |is_history_navigation_in_new_child| is true in the case that the browser
 // process should look for an existing history item for the frame.
 IPC_STRUCT_BEGIN(FrameHostMsg_OpenURL_Params)
   IPC_STRUCT_MEMBER(GURL, url)
   IPC_STRUCT_MEMBER(bool, uses_post)
   IPC_STRUCT_MEMBER(scoped_refptr<content::ResourceRequestBodyImpl>,
@@ skipping 316 matching lines @@
                     content::ContentSecurityPolicyHeader)
 
 // Resets ContentSecurityPolicy in a frame proxy / in RemoteSecurityContext.
 IPC_MESSAGE_ROUTED0(FrameMsg_ResetContentSecurityPolicy)
 
 // Update a proxy's replicated enforcement of insecure request policy.
 // Used when the frame's policy is changed in another process.
 IPC_MESSAGE_ROUTED1(FrameMsg_EnforceInsecureRequestPolicy,
                     blink::WebInsecureRequestPolicy)
 
+// Update a proxy's replicated set for enforcement of insecure navigations.
+// Used when the frame's set is changed in another process.
+IPC_MESSAGE_ROUTED1(FrameMsg_EnforceInsecureNavigationsSet,
+                    std::vector<uint32_t> /* set */)
+
 // Update a proxy's replicated origin.  Used when the frame is navigated to a
 // new origin.
 IPC_MESSAGE_ROUTED2(FrameMsg_DidUpdateOrigin,
                     url::Origin /* origin */,
                     bool /* is potentially trustworthy unique origin */)
 
 // Notifies this frame or proxy that it is now focused.  This is used to
 // support cross-process focused frame changes.
 IPC_MESSAGE_ROUTED0(FrameMsg_SetFocusedFrame)
 
@@ skipping 244 matching lines @@
 IPC_MESSAGE_ROUTED1(FrameHostMsg_DidAddContentSecurityPolicy,
                     content::ContentSecurityPolicyHeader)
 
 // Sent when the frame starts enforcing an insecure request policy. Sending
 // this information in DidCommitProvisionalLoad isn't sufficient; this
 // message is needed because, for example, a document can dynamically insert
 // a <meta> tag that causes strict mixed content checking to be enforced.
 IPC_MESSAGE_ROUTED1(FrameHostMsg_EnforceInsecureRequestPolicy,
                     blink::WebInsecureRequestPolicy)
 
+// Sent when the frame starts enforcing an upgrade insecure navigations set.
+// Sending this information in DidCommitProvisionalLoad isn't sufficient; this
+// message is needed because, for example, a document can dynamically insert a
+// <meta> tag that causes "Upgrade Insecure Request" to be enabled and the
+// upgrade insecure navigations set to be augmented.
+IPC_MESSAGE_ROUTED1(FrameHostMsg_EnforceInsecureNavigationsSet,
+                    std::vector<uint32_t>)
+
 // Sent when the frame is set to a unique origin. TODO(estark): this IPC
 // only exists to support dynamic sandboxing via a CSP delivered in a
 // <meta> tag. This is not supposed to be allowed per the CSP spec and
 // should be ripped out. https://crbug.com/594645
 IPC_MESSAGE_ROUTED1(FrameHostMsg_UpdateToUniqueOrigin,
                     bool /* is potentially trustworthy unique origin */)
 
 // Sent when the renderer changed the progress of a load.
 IPC_MESSAGE_ROUTED1(FrameHostMsg_DidChangeLoadProgress,
                     double /* load_progress */)
@@ skipping 495 matching lines @@
 // nearest find result in the sending frame.
 IPC_MESSAGE_ROUTED2(FrameHostMsg_GetNearestFindResult_Reply,
                     int /* nfr_request_id */,
                     float /* distance */)
 #endif
 
 // Adding a new message? Stick to the sort order above: first platform
 // independent FrameMsg, then ifdefs for platform specific FrameMsg, then
 // platform independent FrameHostMsg, then ifdefs for platform specific
 // FrameHostMsg.