Implement ContentSecurityPolicy on the browser-side.

content/browser/frame_host/frame_tree_node.cc

Index: content/browser/frame_host/frame_tree_node.cc
diff --git a/content/browser/frame_host/frame_tree_node.cc b/content/browser/frame_host/frame_tree_node.cc
index a67de695a205b85c456d5c8f63254140222ec10f..42c3187df5387a224141eda2d14aecf39b1fc98a 100644
--- a/content/browser/frame_host/frame_tree_node.cc
+++ b/content/browser/frame_host/frame_tree_node.cc
@@ -265,7 +265,9 @@ void FrameTreeNode::ResetFeaturePolicy() {
 }
 
 void FrameTreeNode::AddContentSecurityPolicy(
-    const ContentSecurityPolicyHeader& header) {
+    const ContentSecurityPolicyHeader& header,
+    const CSPPolicy& policy) {
+  csp_policies.push_back(policy);
   replication_state_.accumulated_csp_headers.push_back(header);
   render_manager_.OnDidAddContentSecurityPolicy(header);
 }
@@ -273,6 +275,7 @@ void FrameTreeNode::AddContentSecurityPolicy(
 void FrameTreeNode::ResetContentSecurityPolicy() {
   replication_state_.accumulated_csp_headers.clear();
   render_manager_.OnDidResetContentSecurityPolicy();
+  csp_policies.clear();
 }
 
 void FrameTreeNode::SetInsecureRequestPolicy(