Make content::FeaturePolicy implement WebFeaturePolicy, and use it in blink code

third_party/WebKit/Source/core/dom/SecurityContext.cpp

 /*
  * Copyright (C) 2011 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 11 matching lines @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include "core/dom/SecurityContext.h"
 
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/SecurityOrigin.h"
+#include "public/platform/Platform.h"
 
 namespace blink {
 
 SecurityContext::SecurityContext()
     : m_sandboxFlags(SandboxNone),
       m_addressSpace(WebAddressSpacePublic),
       m_insecureRequestPolicy(kLeaveInsecureRequestsAlone) {}
 
 SecurityContext::~SecurityContext() {}
 
 DEFINE_TRACE(SecurityContext) {
   visitor->trace(m_contentSecurityPolicy);
 }
 
 void SecurityContext::setSecurityOrigin(
     PassRefPtr<SecurityOrigin> securityOrigin) {
   m_securityOrigin = securityOrigin;
+  updateFeaturePolicyOrigin();
 }
 
 void SecurityContext::setContentSecurityPolicy(
     ContentSecurityPolicy* contentSecurityPolicy) {
   m_contentSecurityPolicy = contentSecurityPolicy;
 }
 
 void SecurityContext::enforceSandboxFlags(SandboxFlags mask) {
   applySandboxFlags(mask);
 }
@@ skipping 33 matching lines @@
 
   DCHECK(!suborigin.name().isEmpty());
   DCHECK(RuntimeEnabledFeatures::suboriginsEnabled());
   DCHECK(m_securityOrigin.get());
   DCHECK(!m_securityOrigin->hasSuborigin() ||
          m_securityOrigin->suborigin()->name() == suborigin.name());
   m_securityOrigin->addSuborigin(suborigin);
   didUpdateSecurityOrigin();
 }
 
-void SecurityContext::setFeaturePolicyFromHeader(
+void SecurityContext::initializeFeaturePolicy(
     const WebParsedFeaturePolicyHeader& parsedHeader,
-    FeaturePolicy* parentFeaturePolicy) {
+    const WebFeaturePolicy* parentFeaturePolicy) {
   DCHECK(!m_featurePolicy);
   // TODO(iclelland): Use the frame owner properties here to pass the frame
   // policy, if it exists.
-  m_featurePolicy = FeaturePolicy::createFromParentPolicy(
-      parentFeaturePolicy, nullptr, m_securityOrigin);
-  m_featurePolicy->setHeaderPolicy(parsedHeader);
+  WebParsedFeaturePolicyHeader containerPolicy;
+  WebSecurityOrigin origin = WebSecurityOrigin(m_securityOrigin);
+  m_featurePolicy.reset(Platform::current()->createFeaturePolicy(
+      parentFeaturePolicy, containerPolicy, parsedHeader, origin));
+}
+
+void SecurityContext::updateFeaturePolicyOrigin() {
+  if (!m_featurePolicy)
+    return;
+  m_featurePolicy.reset(Platform::current()->duplicateFeaturePolicyWithOrigin(
+      *m_featurePolicy, WebSecurityOrigin(m_securityOrigin)));

[haraken, 2017/03/04 07:36:01]

Oh, if your intention is just to *update* (not duplicate) the feature policy,
I'm also fine with an API like updateFeaturePolicyWithOrigin(m_featurePolicy),
which automatically updates m_featurePolicy.

[iclelland, 2017/03/06 04:17:40]

That is really the only modification being considered here, but after writing
it, I'm slightly more comfortable with the idea that the policy objects are
effectively immutable after they've been constructed, and the FP headers have
been read. The origin is used for interpreting the policy, and we might end up
breaking some assumptions inadvertently if we allow it to change after the
policy has been set.

 }
 
 }  // namespace blink