Index: content/browser/frame_host/render_frame_host_impl.cc |
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc |
index 4bfe8a73ba392bff532f93ff06ae665a58b6f5a0..f9f5986ee911c0792ed9b57fdf111618a580f3fa 100644 |
--- a/content/browser/frame_host/render_frame_host_impl.cc |
+++ b/content/browser/frame_host/render_frame_host_impl.cc |
@@ -346,6 +346,7 @@ RenderFrameHostImpl::RenderFrameHostImpl(SiteInstance* site_instance, |
frame_host_binding_(this), |
waiting_for_init_(renderer_initiated_creation), |
has_focused_editable_element_(false), |
+ csp_context_(new CSPContextImpl(this)), |
weak_ptr_factory_(this) { |
frame_tree_->AddRenderViewHostRef(render_view_host_); |
GetProcess()->AddRoute(routing_id_, this); |
@@ -1844,7 +1845,9 @@ void RenderFrameHostImpl::OnDidSetFeaturePolicyHeader( |
void RenderFrameHostImpl::OnDidAddContentSecurityPolicy( |
const ContentSecurityPolicyHeader& header, |
const std::vector<ContentSecurityPolicy>& policies) { |
alexmos
2017/02/24 06:40:27
This wasn't in this CL, but I'm a bit confused by
arthursonzogni
2017/02/24 16:13:29
RFC2616, section 4.2 specifies that headers appear
alexmos
2017/03/01 02:22:28
Acknowledged. I didn't know this, and indeed, Bli
arthursonzogni
2017/03/06 15:09:02
I will add a comment.
FYI, the |policies| argument
|
- frame_tree_node()->AddContentSecurityPolicy(header, policies); |
+ frame_tree_node()->AddContentSecurityPolicy(header); |
+ content_security_policies_.insert(content_security_policies_.end(), |
+ policies.begin(), policies.end()); |
} |
void RenderFrameHostImpl::OnEnforceInsecureRequestPolicy( |
@@ -2523,7 +2526,8 @@ void RenderFrameHostImpl::NavigateToInterstitialURL(const GURL& data_url) { |
data_url, Referrer(), ui::PAGE_TRANSITION_LINK, |
FrameMsg_Navigate_Type::DIFFERENT_DOCUMENT, false, false, |
base::TimeTicks::Now(), FrameMsg_UILoadMetricsReportType::NO_REPORT, |
- GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr); |
+ GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr, |
+ false /* should_bypass_main_world_csp */); |
if (IsBrowserSideNavigationEnabled()) { |
CommitNavigation(nullptr, nullptr, common_params, RequestNavigationParams(), |
false); |
@@ -2759,6 +2763,12 @@ void RenderFrameHostImpl::FailedNavigation( |
frame_tree_node_->ResetNavigationRequest(true); |
} |
+void RenderFrameHostImpl::ReportContentSecurityPolicyViolation( |
+ const CSPViolationParams& violation_params) { |
+ Send(new FrameMsg_ReportContentSecurityPolicyViolation(routing_id_, |
+ violation_params)); |
+} |
+ |
void RenderFrameHostImpl::SetUpMojoIfNeeded() { |
if (interface_registry_.get()) |
return; |
@@ -3430,7 +3440,9 @@ RenderFrameHostImpl::TakeNavigationHandleForCommit( |
return NavigationHandleImpl::Create( |
params.url, params.redirects, frame_tree_node_, is_renderer_initiated, |
params.was_within_same_page, base::TimeTicks::Now(), |
- pending_nav_entry_id, false); // started_from_context_menu |
+ pending_nav_entry_id, |
+ false, // started_from_context_menu |
+ false); // should_bypass_main_world_csp |
} |
// Determine if the current NavigationHandle can be used. |
@@ -3482,7 +3494,9 @@ RenderFrameHostImpl::TakeNavigationHandleForCommit( |
return NavigationHandleImpl::Create( |
params.url, params.redirects, frame_tree_node_, is_renderer_initiated, |
params.was_within_same_page, base::TimeTicks::Now(), |
- entry_id_for_data_nav, false); // started_from_context_menu |
+ entry_id_for_data_nav, |
+ false, // started_from_context_menu |
+ false); // should_bypass_main_world_csp |
} |
} // namespace content |