PlzNavigate: Enforce 'frame-src' CSP on the browser.

content/browser/frame_host/csp_context_impl.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_FRAME_HOST_CSP_CONTEXT_IMPL_H_
+#define CONTENT_BROWSER_FRAME_HOST_CSP_CONTEXT_IMPL_H_
+
+#include "content/common/content_security_policy/csp_context.h"
+
+namespace content {
+
+class RenderFrameHostImpl;
+
+// The CSPContext class represents the system on which the CSP are enforced.

[alexmos, 2017/02/24 06:40:27]

nit: s/are/is/

[arthursonzogni, 2017/02/24 16:13:29]

Acknowledged. (File removed)

+// The CSPContextImpl is an implementation of it on the browser process.
+// It defines: - how to send a CSP violation report.
+//             - how to log a console error message.
+//             - what are the schemes that bypass the CSP checks.
+class CSPContextImpl : public CSPContext {
+ public:
+  CSPContextImpl(RenderFrameHostImpl* render_frame);

[alexmos, 2017/02/24 06:40:27]

nit: explicit

[arthursonzogni, 2017/02/24 16:13:29]

Acknowledged. (File removed)

+  void LogToConsole(const std::string& message) override;
+
+  // Inform the renderer process that a navigation has been blocked by a content
+  // security policy.
+  void ReportViolation(const CSPViolationParams& violation_params) override;
+
+ private:
+  bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override;
+
+  // Never nullptr;
+  RenderFrameHostImpl* render_frame_;
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_FRAME_HOST_CSP_CONTEXT_IMPL_H_ */