Implement ContentSecurityPolicy on the browser-side.

third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
index 7dba69f3398462354117a0d391c704f04d508ad2..a2ea44228122aff45ba1950119dc2c74b9baf413 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
@@ -14,6 +14,7 @@
 #include "platform/network/HTTPParsers.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/KURL.h"
+#include "public/platform/WebContentSecurityPolicy.h"
 #include "wtf/Vector.h"
 #include "wtf/text/AtomicString.h"
 #include "wtf/text/WTFString.h"
@@ -162,6 +163,8 @@ class CORE_EXPORT CSPDirectiveList
   // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
   bool subsumes(const CSPDirectiveListVector&);
 
+  WebContentSecurityPolicyPolicy expose() const;

[Mike West, 2017/02/13 14:10:51]

Please add a comment here regarding the directives this actually exposes in the
exported policy.

[arthursonzogni, 2017/02/14 17:07:03]

Yes, it is very important. Done.
I also added some comments for the classes I added.

+
   DECLARE_TRACE();
 
  private: