PlzNavigate: Enforce 'frame-src' CSP on the browser.

content/common/navigation_params.h

Index: content/common/navigation_params.h
diff --git a/content/common/navigation_params.h b/content/common/navigation_params.h
index 105130740e309c150cf97dfef2ef918ad4a14e2d..30fd9e7b47b69b67de600951da199cd1305285d7 100644
--- a/content/common/navigation_params.h
+++ b/content/common/navigation_params.h
@@ -59,7 +59,8 @@ struct CONTENT_EXPORT CommonNavigationParams {
       PreviewsState previews_state,
       const base::TimeTicks& navigation_start,
       std::string method,
-      const scoped_refptr<ResourceRequestBodyImpl>& post_data);
+      const scoped_refptr<ResourceRequestBodyImpl>& post_data,
+      bool should_bypass_main_world_csp);
   CommonNavigationParams(const CommonNavigationParams& other);
   ~CommonNavigationParams();
 
@@ -120,6 +121,12 @@ struct CONTENT_EXPORT CommonNavigationParams {
 
   // Body of HTTP POST request.
   scoped_refptr<ResourceRequestBodyImpl> post_data;
+
+  // Returns true if the navigation was initiated from an isolated world. An
+  // isolated world has its own Content Security Policy. In this case, the
+  // policy of the main world should be ignored when evaluating resources
+  // injected into the DOM.
+  bool should_bypass_main_world_csp;
 };
 
 // Provided by the renderer ----------------------------------------------------