PlzNavigate: Enforce 'frame-src' CSP on the browser.

content/browser/frame_host/render_frame_host_impl.cc

Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 4bfe8a73ba392bff532f93ff06ae665a58b6f5a0..f9f5986ee911c0792ed9b57fdf111618a580f3fa 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -346,6 +346,7 @@ RenderFrameHostImpl::RenderFrameHostImpl(SiteInstance* site_instance,
       frame_host_binding_(this),
       waiting_for_init_(renderer_initiated_creation),
       has_focused_editable_element_(false),
+      csp_context_(new CSPContextImpl(this)),
       weak_ptr_factory_(this) {
   frame_tree_->AddRenderViewHostRef(render_view_host_);
   GetProcess()->AddRoute(routing_id_, this);
@@ -1844,7 +1845,9 @@ void RenderFrameHostImpl::OnDidSetFeaturePolicyHeader(
 void RenderFrameHostImpl::OnDidAddContentSecurityPolicy(
     const ContentSecurityPolicyHeader& header,
     const std::vector<ContentSecurityPolicy>& policies) {

[alexmos, 2017/02/24 06:40:27]

This wasn't in this CL, but I'm a bit confused by this.  Why is this a vector? 
Wouldn't one header correspond to one policy?  (I.e., I thought this message is
sent multiple times, each time a new header, csp in <meta>, etc. is added -- so
how does this correspond with this vector of policies?)

[arthursonzogni, 2017/02/24 16:13:29]

RFC2616, section 4.2 specifies that headers appearing multiple times can be
combined with a comma. So, you can have two CSP defined inside one header :(

We could split the header by comma and send the policies one by one if we wanted
to. I choose not to modify how the data in the frame_replication_state in my
patch. I think we can though.

[alexmos, 2017/03/01 02:22:28]

Acknowledged.  I didn't know this, and indeed, Blink's
ContentSecurityPolicy::addPolicyFromHeaderValue handles exactly this.  It'd be
nice to add a comment to explain this, as it's not obvious.

[arthursonzogni, 2017/03/06 15:09:02]

I will add a comment.
FYI, the |policies| argument could be empty if the |header| contain an invalid
policy.

-  frame_tree_node()->AddContentSecurityPolicy(header, policies);
+  frame_tree_node()->AddContentSecurityPolicy(header);
+  content_security_policies_.insert(content_security_policies_.end(),
+                                    policies.begin(), policies.end());
 }
 
 void RenderFrameHostImpl::OnEnforceInsecureRequestPolicy(
@@ -2523,7 +2526,8 @@ void RenderFrameHostImpl::NavigateToInterstitialURL(const GURL& data_url) {
       data_url, Referrer(), ui::PAGE_TRANSITION_LINK,
       FrameMsg_Navigate_Type::DIFFERENT_DOCUMENT, false, false,
       base::TimeTicks::Now(), FrameMsg_UILoadMetricsReportType::NO_REPORT,
-      GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr);
+      GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr,
+      false /* should_bypass_main_world_csp */);
   if (IsBrowserSideNavigationEnabled()) {
     CommitNavigation(nullptr, nullptr, common_params, RequestNavigationParams(),
                      false);
@@ -2759,6 +2763,12 @@ void RenderFrameHostImpl::FailedNavigation(
   frame_tree_node_->ResetNavigationRequest(true);
 }
 
+void RenderFrameHostImpl::ReportContentSecurityPolicyViolation(
+    const CSPViolationParams& violation_params) {
+  Send(new FrameMsg_ReportContentSecurityPolicyViolation(routing_id_,
+                                                         violation_params));
+}
+
 void RenderFrameHostImpl::SetUpMojoIfNeeded() {
   if (interface_registry_.get())
     return;
@@ -3430,7 +3440,9 @@ RenderFrameHostImpl::TakeNavigationHandleForCommit(
     return NavigationHandleImpl::Create(
         params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
         params.was_within_same_page, base::TimeTicks::Now(),
-        pending_nav_entry_id, false);  // started_from_context_menu
+        pending_nav_entry_id,
+        false,   // started_from_context_menu
+        false);  // should_bypass_main_world_csp
   }
 
   // Determine if the current NavigationHandle can be used.
@@ -3482,7 +3494,9 @@ RenderFrameHostImpl::TakeNavigationHandleForCommit(
   return NavigationHandleImpl::Create(
       params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
       params.was_within_same_page, base::TimeTicks::Now(),
-      entry_id_for_data_nav, false);  // started_from_context_menu
+      entry_id_for_data_nav,
+      false,   // started_from_context_menu
+      false);  // should_bypass_main_world_csp
 }
 
 }  // namespace content