Implement ContentSecurityPolicy on the browser-side.

content/browser/frame_host/frame_tree_node.h

Index: content/browser/frame_host/frame_tree_node.h
diff --git a/content/browser/frame_host/frame_tree_node.h b/content/browser/frame_host/frame_tree_node.h
index 701787120d6ce6863e0ea4672ceeeb46e037e361..c3de4e332c6881b4e07b1a59b416eed18128e349 100644
--- a/content/browser/frame_host/frame_tree_node.h
+++ b/content/browser/frame_host/frame_tree_node.h
@@ -17,6 +17,7 @@
 #include "content/browser/frame_host/render_frame_host_impl.h"
 #include "content/browser/frame_host/render_frame_host_manager.h"
 #include "content/common/content_export.h"
+#include "content/common/content_security_policy/csp_policy.h"
 #include "content/common/frame_owner_properties.h"
 #include "content/common/frame_replication_state.h"
 #include "third_party/WebKit/public/platform/WebInsecureRequestPolicy.h"
@@ -161,7 +162,8 @@ class CONTENT_EXPORT FrameTreeNode {
   void ResetFeaturePolicy();
 
   // Add CSP header to replication state and notify proxies about the update.
-  void AddContentSecurityPolicy(const ContentSecurityPolicyHeader& header);
+  void AddContentSecurityPolicy(const ContentSecurityPolicyHeader& header,
+                                const CSPPolicy& policy);
 
   // Discards previous CSP headers and notifies proxies about the update.
   // Typically invoked after committing navigation to a new document (since the
@@ -383,6 +385,9 @@ class CONTENT_EXPORT FrameTreeNode {
   // to the core logic of FrameTreeNode.
   FrameTreeNodeBlameContext blame_context_;
 
+  // A set of Content-Security-Policies to enforce on the browser-side.
+  std::vector<CSPPolicy> csp_policies;
+
   DISALLOW_COPY_AND_ASSIGN(FrameTreeNode);
 };