PlzNavigate: Enforce 'frame-src' CSP on the browser.

third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

Index: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
index 859ed9967d4c420907b7b2fb2ce70167129e7875..b7029760a8330385cdfb48abc9ef6f1781870144 100644
--- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
+++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
@@ -2044,6 +2044,27 @@ bool WebLocalFrameImpl::maybeRenderFallbackContent(
   return true;
 }
 
+// Called when a navigation is blocked because a Content Security Policy (CSP)
+// is infringed.
+void WebLocalFrameImpl::contentSecurityPolicyViolation(
+    const blink::WebContentSecurityPolicyViolation& violation) {
+  DCHECK(frame() && frame()->document());
+  Document* document = frame()->document();
+  Vector<String> reportEndpoints;
+  for (const WebString& endPoint : violation.reportEndpoints)
+    reportEndpoints.push_back(endPoint);
+  document->contentSecurityPolicy()->reportViolation(
+      violation.directive, /* directiveText */
+      ContentSecurityPolicy::getDirectiveType(
+          violation.effectiveDirective), /* effectiveType */
+      violation.consoleMessage,          /* consoleMessage */
+      violation.blockedUrl,              /* blockedUrl */
+      reportEndpoints,                   /* reportEndpoints */
+      violation.header,                  /* header */
+      static_cast<ContentSecurityPolicyHeaderType>(violation.disposition),
+      ContentSecurityPolicy::ViolationType::URLViolation); /* ViolationType */
+}
+
 bool WebLocalFrameImpl::isLoading() const {
   if (!frame() || !frame()->document())
     return false;