Implement ContentSecurityPolicy on the browser-side.

content/browser/frame_host/frame_tree_node.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_BROWSER_FRAME_HOST_FRAME_TREE_NODE_H_
 #define CONTENT_BROWSER_FRAME_HOST_FRAME_TREE_NODE_H_
 
 #include <stddef.h>
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "content/browser/frame_host/frame_tree_node_blame_context.h"
 #include "content/browser/frame_host/render_frame_host_impl.h"
 #include "content/browser/frame_host/render_frame_host_manager.h"
 #include "content/common/content_export.h"
+#include "content/common/content_security_policy/content_security_policy.h"
 #include "content/common/frame_owner_properties.h"
 #include "content/common/frame_replication_state.h"
 #include "third_party/WebKit/public/platform/WebInsecureRequestPolicy.h"
 #include "url/gurl.h"
 #include "url/origin.h"
 
 namespace content {
 
 class FrameTree;
 class NavigationRequest;
@@ skipping 130 matching lines @@
 
   // Set the current name and notify proxies about the update.
   void SetFrameName(const std::string& name, const std::string& unique_name);
 
   // Set the frame's feature policy header, clearing any existing header.
   void SetFeaturePolicyHeader(const ParsedFeaturePolicyHeader& parsed_header);
 
   // Clear any feature policy header associated with the frame.
   void ResetFeaturePolicyHeader();
 
-  // Add CSP header to replication state and notify proxies about the update.
-  void AddContentSecurityPolicy(const ContentSecurityPolicyHeader& header);
+  // Add CSP header to replication state, notify proxies about the update and
+  // enforce it on the browser.
+  void AddContentSecurityPolicy(
+      const ContentSecurityPolicyHeader& header,
+      const std::vector<ContentSecurityPolicy>& policies);
 
   // Discards previous CSP headers and notifies proxies about the update.
   // Typically invoked after committing navigation to a new document (since the
   // new document comes with a fresh set of CSP http headers).
   void ResetContentSecurityPolicy();
 
   // Sets the current insecure request policy, and notifies proxies about the
   // update.
   void SetInsecureRequestPolicy(blink::WebInsecureRequestPolicy policy);
 
@@ skipping 211 matching lines @@
   // List of objects observing this FrameTreeNode.
   base::ObserverList<Observer> observers_;
 
   base::TimeTicks last_focus_time_;
 
   // A helper for tracing the snapshots of this FrameTreeNode and attributing
   // browser process activities to this node (when possible).  It is unrelated
   // to the core logic of FrameTreeNode.
   FrameTreeNodeBlameContext blame_context_;
 
+  // A set of Content-Security-Policies to enforce on the browser-side.
+  std::vector<ContentSecurityPolicy> csp_policies_;
+
   DISALLOW_COPY_AND_ASSIGN(FrameTreeNode);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_FRAME_HOST_FRAME_TREE_NODE_H_