PlzNavigate: Enforce 'frame-src' CSP on the browser.

third_party/WebKit/Source/core/loader/FrameLoaderClient.h

Index: third_party/WebKit/Source/core/loader/FrameLoaderClient.h
diff --git a/third_party/WebKit/Source/core/loader/FrameLoaderClient.h b/third_party/WebKit/Source/core/loader/FrameLoaderClient.h
index 613354db7b3126a3c6df7672e454fd0fcbd75a73..65f5fd2095218944b4c4eae38ff6006fa2d86632 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoaderClient.h
+++ b/third_party/WebKit/Source/core/loader/FrameLoaderClient.h
@@ -121,7 +121,8 @@ class CORE_EXPORT FrameLoaderClient : public FrameClient {
       NavigationPolicy,
       bool shouldReplaceCurrentEntry,
       bool isClientRedirect,
-      HTMLFormElement*) = 0;
+      HTMLFormElement*,
+      ContentSecurityPolicyDisposition shouldBypassMainWorldCSP) = 0;

[alexmos, 2017/02/24 06:40:28]

This arg is named as if it's a bool, but it's not, and it sounds completely
different from the enum's name. :)  Perhaps just policyDisposition?  It's clear
enough what it is for when you check it against the enum value.  (or you could
actually pass this as a bool)

[arthursonzogni, 2017/02/24 16:13:30]

I agree. I will use shouldCheckMainWorldContentSecurityPolicy.

 
   virtual void dispatchWillSendSubmitEvent(HTMLFormElement*) = 0;
   virtual void dispatchWillSubmitForm(HTMLFormElement*) = 0;