PlzNavigate: Enforce 'frame-src' CSP on the browser.

content/browser/frame_host/render_frame_host_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 328 matching lines @@
       browser_plugin_embedder_ax_tree_id_(AXTreeIDRegistry::kNoAXTreeID),
       no_create_browser_accessibility_manager_for_testing_(false),
       web_ui_type_(WebUI::kNoWebUI),
       pending_web_ui_type_(WebUI::kNoWebUI),
       should_reuse_web_ui_(false),
       has_selection_(false),
       last_navigation_previews_state_(PREVIEWS_UNSPECIFIED),
       frame_host_binding_(this),
       waiting_for_init_(renderer_initiated_creation),
       has_focused_editable_element_(false),
+      csp_context_(new CSPContextImpl(this)),
       weak_ptr_factory_(this) {
   frame_tree_->AddRenderViewHostRef(render_view_host_);
   GetProcess()->AddRoute(routing_id_, this);
   g_routing_id_frame_map.Get().insert(std::make_pair(
       RenderFrameHostID(GetProcess()->GetID(), routing_id_),
       this));
   site_instance_->AddObserver(this);
   GetSiteInstance()->IncrementActiveFrameCount();
 
   if (frame_tree_node_->parent()) {
@@ skipping 1477 matching lines @@
 
 void RenderFrameHostImpl::OnDidSetFeaturePolicyHeader(
     const ParsedFeaturePolicyHeader& parsed_header) {
   frame_tree_node()->SetFeaturePolicyHeader(parsed_header);
   ResetFeaturePolicy();
   feature_policy_->SetHeaderPolicy(parsed_header);
 }
 
 void RenderFrameHostImpl::OnDidAddContentSecurityPolicy(
     const ContentSecurityPolicyHeader& header,
     const std::vector<ContentSecurityPolicy>& policies) {

[alexmos, 2017/02/24 06:40:27]

This wasn't in this CL, but I'm a bit confused by this.  Why is this a vector? 
Wouldn't one header correspond to one policy?  (I.e., I thought this message is
sent multiple times, each time a new header, csp in <meta>, etc. is added -- so
how does this correspond with this vector of policies?)

[arthursonzogni, 2017/02/24 16:13:29]

RFC2616, section 4.2 specifies that headers appearing multiple times can be
combined with a comma. So, you can have two CSP defined inside one header :(

We could split the header by comma and send the policies one by one if we wanted
to. I choose not to modify how the data in the frame_replication_state in my
patch. I think we can though.

[alexmos, 2017/03/01 02:22:28]

Acknowledged.  I didn't know this, and indeed, Blink's
ContentSecurityPolicy::addPolicyFromHeaderValue handles exactly this.  It'd be
nice to add a comment to explain this, as it's not obvious.

[arthursonzogni, 2017/03/06 15:09:02]

I will add a comment.
FYI, the |policies| argument could be empty if the |header| contain an invalid
policy.

-  frame_tree_node()->AddContentSecurityPolicy(header, policies);
+  frame_tree_node()->AddContentSecurityPolicy(header);
+  content_security_policies_.insert(content_security_policies_.end(),
+                                    policies.begin(), policies.end());
 }
 
 void RenderFrameHostImpl::OnEnforceInsecureRequestPolicy(
     blink::WebInsecureRequestPolicy policy) {
   frame_tree_node()->SetInsecureRequestPolicy(policy);
 }
 
 void RenderFrameHostImpl::OnUpdateToUniqueOrigin(
     bool is_potentially_trustworthy_unique_origin) {
   url::Origin origin;
@@ skipping 658 matching lines @@
   if (!common_params.url.SchemeIs(url::kJavaScriptScheme))
     OnDidStartLoading(true);
 }
 
 void RenderFrameHostImpl::NavigateToInterstitialURL(const GURL& data_url) {
   DCHECK(data_url.SchemeIs(url::kDataScheme));
   CommonNavigationParams common_params(
       data_url, Referrer(), ui::PAGE_TRANSITION_LINK,
       FrameMsg_Navigate_Type::DIFFERENT_DOCUMENT, false, false,
       base::TimeTicks::Now(), FrameMsg_UILoadMetricsReportType::NO_REPORT,
-      GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr);
+      GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr,
+      false /* should_bypass_main_world_csp */);
   if (IsBrowserSideNavigationEnabled()) {
     CommitNavigation(nullptr, nullptr, common_params, RequestNavigationParams(),
                      false);
   } else {
     Navigate(common_params, StartNavigationParams(), RequestNavigationParams());
   }
 }
 
 void RenderFrameHostImpl::Stop() {
   Send(new FrameMsg_Stop(routing_id_));
@@ skipping 215 matching lines @@
   ResetWaitingState();
 
   Send(new FrameMsg_FailedNavigation(routing_id_, common_params, request_params,
                                      has_stale_copy_in_cache, error_code));
 
   // An error page is expected to commit, hence why is_loading_ is set to true.
   is_loading_ = true;
   frame_tree_node_->ResetNavigationRequest(true);
 }
 
+void RenderFrameHostImpl::ReportContentSecurityPolicyViolation(
+    const CSPViolationParams& violation_params) {
+  Send(new FrameMsg_ReportContentSecurityPolicyViolation(routing_id_,
+                                                         violation_params));
+}
+
 void RenderFrameHostImpl::SetUpMojoIfNeeded() {
   if (interface_registry_.get())
     return;
 
   interface_registry_ = base::MakeUnique<service_manager::InterfaceRegistry>(
       mojom::kNavigation_FrameSpec);
 
   ServiceManagerConnection* service_manager_connection =
       BrowserContext::GetServiceManagerConnectionFor(
           GetProcess()->GetBrowserContext());
@@ skipping 651 matching lines @@
         NavigationEntryImpl::FromNavigationEntry(
             frame_tree_node()->navigator()->GetController()->GetPendingEntry());
     if (pending_entry && pending_entry->GetUniqueID() == params.nav_entry_id) {
       pending_nav_entry_id = params.nav_entry_id;
       is_renderer_initiated = pending_entry->is_renderer_initiated();
     }
 
     return NavigationHandleImpl::Create(
         params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
         params.was_within_same_page, base::TimeTicks::Now(),
-        pending_nav_entry_id, false);  // started_from_context_menu
+        pending_nav_entry_id,
+        false,   // started_from_context_menu
+        false);  // should_bypass_main_world_csp
   }
 
   // Determine if the current NavigationHandle can be used.
   if (navigation_handle_ && navigation_handle_->GetURL() == params.url) {
     return std::move(navigation_handle_);
   }
 
   // If the URL does not match what the NavigationHandle expects, treat the
   // commit as a new navigation. This can happen when loading a Data
   // navigation with LoadDataWithBaseURL.
@@ skipping 31 matching lines @@
     // Reset any existing NavigationHandle.
     navigation_handle_.reset();
   }
 
   // There is no pending NavigationEntry in these cases, so pass 0 as the
   // pending_nav_entry_id. If the previous handle was a prematurely aborted
   // navigation loaded via LoadDataWithBaseURL, propagate the entry id.
   return NavigationHandleImpl::Create(
       params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
       params.was_within_same_page, base::TimeTicks::Now(),
-      entry_id_for_data_nav, false);  // started_from_context_menu
+      entry_id_for_data_nav,
+      false,   // started_from_context_menu
+      false);  // should_bypass_main_world_csp
 }
 
 }  // namespace content