PlzNavigate: Enforce 'frame-src' CSP on the browser.

content/common/content_security_policy/csp_context.h

Index: content/common/content_security_policy/csp_context.h
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h
index a7573defdfcf8861023052b2aa6cdfc1a3f5423c..a7122921142f3b81d8a3ec5a94bfd93363670c74 100644
--- a/content/common/content_security_policy/csp_context.h
+++ b/content/common/content_security_policy/csp_context.h
@@ -15,6 +15,8 @@
 
 namespace content {
 
+struct CSPViolationParams;
+
 // A CSPContext define every dependencies that have to be implemented to be
 // able to check the Content-Security-Policy and report violations to the users.
 class CONTENT_EXPORT CSPContext {
@@ -32,14 +34,7 @@ class CONTENT_EXPORT CSPContext {
   bool ProtocolMatchesSelf(const GURL& url);
 
   virtual void LogToConsole(const std::string& message);
-  virtual void ReportViolation(
-      const std::string& directive_text,
-      const std::string& effective_directive,
-      const std::string& message,
-      const GURL& blocked_url,
-      const std::vector<std::string>& report_end_points,
-      const std::string& header,
-      blink::WebContentSecurityPolicyType disposition);
+  virtual void ReportViolation(const CSPViolationParams& violation_params);
 
   bool SelfSchemeShouldBypassCSP();
 
@@ -53,5 +48,47 @@ class CONTENT_EXPORT CSPContext {
   DISALLOW_COPY_AND_ASSIGN(CSPContext);
 };
 
+// Used in CSPContext::ReportViolation()
+struct CONTENT_EXPORT CSPViolationParams {
+  CSPViolationParams();
+  CSPViolationParams(const std::string& directive,
+                     const std::string& effective_directive,
+                     const std::string& console_message,
+                     const GURL& blocked_url,
+                     const std::vector<std::string>& report_endpoints,
+                     const std::string& header,
+                     const blink::WebContentSecurityPolicyType& disposition,
+                     bool followed_redirect);
+  CSPViolationParams(const CSPViolationParams& other);
+  ~CSPViolationParams();
+
+  // The name of the directive that infringe the policy. |directive| might be a
+  // directive that serves as a fallback to the |effective_directive|.
+  std::string directive;
+
+  // The name the effective directive that was checked against.
+  std::string effective_directive;
+
+  // The console message that was displayed to the user.

[nasko, 2017/02/15 21:28:44]

"to be displayed"? This will be sent to the renderer to display the error in the
future, right?

+  std::string console_message;
+
+  // The URL that was blocked by the policy.
+  GURL blocked_url;
+
+  // The set of URI where a JSON-formatted report of the violation should be
+  // sent.
+  std::vector<std::string> report_endpoints;
+
+  // The raw content security policy header that was infringed.

[nasko, 2017/02/15 21:28:44]

nit: s/infringed/violated/

+  std::string header;
+
+  // Each policy has an associated disposition, which is either "enforce" or
+  // "report".
+  blink::WebContentSecurityPolicyType disposition;
+
+  // Whether or not the violation happens after a redirect.
+  bool followed_redirect;

[nasko, 2017/02/15 21:28:44]

nit: after_redirect?

[arthursonzogni, 2017/02/16 17:32:41]

I followed the naming I've found in:
https://codereview.chromium.org/2190183002/

But yes, why not. Thanks.

+};
+
 }  // namespace content
 #endif  // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_