Make content::FeaturePolicy implement WebFeaturePolicy, and use it in blink code

third_party/WebKit/Source/core/dom/SecurityContext.cpp

 /*
  * Copyright (C) 2011 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 11 matching lines @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include "core/dom/SecurityContext.h"
 
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/SecurityOrigin.h"
+#include "public/platform/Platform.h"
 
 namespace blink {
 
 SecurityContext::SecurityContext()
     : m_sandboxFlags(SandboxNone),
       m_addressSpace(WebAddressSpacePublic),
       m_insecureRequestPolicy(kLeaveInsecureRequestsAlone) {}
 
 SecurityContext::~SecurityContext() {}
 
@@ skipping 52 matching lines @@
   DCHECK(RuntimeEnabledFeatures::suboriginsEnabled());
   DCHECK(m_securityOrigin.get());
   DCHECK(!m_securityOrigin->hasSuborigin() ||
          m_securityOrigin->suborigin()->name() == suborigin.name());
   m_securityOrigin->addSuborigin(suborigin);
   didUpdateSecurityOrigin();
 }
 
 void SecurityContext::setFeaturePolicyFromHeader(
     const WebParsedFeaturePolicyHeader& parsedHeader,
-    FeaturePolicy* parentFeaturePolicy) {
+    const WebFeaturePolicy* parentFeaturePolicy) {
   DCHECK(!m_featurePolicy);
-  m_featurePolicy = FeaturePolicy::createFromParentPolicy(parentFeaturePolicy,
-                                                          m_securityOrigin);
-  m_featurePolicy->setHeaderPolicy(parsedHeader);
+
+  // Compose the new policy based on the parent policy, with the new header
+  WebSecurityOrigin origin = WebSecurityOrigin(m_securityOrigin);
+  m_featurePolicy.reset(Platform::current()->createFeaturePolicy(
+      parentFeaturePolicy, parsedHeader, origin));
+}
+
+void SecurityContext::updateFeaturePolicyOrigin() {

[raymes, 2017/02/13 04:45:22]

Should we just call this from setSecurityOrigin instead? Would that provide more
of a guarantee that things would be in-sync?

[iclelland, 2017/02/23 20:04:12]

Yes. Done.

+  if (!m_featurePolicy)
+    return;
+  Platform::current()->updateFeaturePolicyOrigin(
+      m_featurePolicy.get(), WebSecurityOrigin(m_securityOrigin));

[raymes, 2017/02/13 04:45:22]

Do you know under what circumstances we can change the security origin at
runtime? I haven't thought hard about this case, I hope it doesn't violate our
assumptions :)

[iclelland, 2017/02/23 20:04:12]

There are a few odd scenarios around document.open (and write, by extension, I
think). I'm not sure when else, but I'll do some spelunking in the code and see
what I can find out.

 }
 
 }  // namespace blink