PlzNavigate: Enforce 'form-action' CSP on the browser-side.

third_party/WebKit/Source/core/loader/FrameLoader.cpp

Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
index b0958995412bd27ebf3da25668dc1bb662229fd1..a1d16e05a52b6aa835d3581b357d686f89e52da4 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1662,6 +1662,13 @@ NavigationPolicy FrameLoader::shouldContinueForNavigationPolicy(
   bool isFormSubmission = type == NavigationTypeFormSubmitted ||
                           type == NavigationTypeFormResubmitted;
   if (isFormSubmission &&
+      // 'form-action' check in the frame that is navigating is disabled on the
+      // renderer side when PlzNavigate is enabled, but is enforced on the
+      // browser side instead.
+      // N.B. check in the frame that initiate the navigation stills occurs in
+      // blink and is not enforced on the browser-side.
+      // See https://crbug.com/700964
+      !browserSideNavigationEnabled &&

[Mike West, 2017/03/14 15:45:39]

I'm fine with leaving this in, as long as we figure out a solution for the small
regression. I'm also fine if you'd prefer to drop it and rely on the existing
renderer-side behavior so that PlzNavigate can ship more quickly. Either way,
please leave the TODO and link to the bug. :)

[arthursonzogni, 2017/03/15 13:15:09]

Done. BUG and TODO added.

       !m_frame->document()->contentSecurityPolicy()->allowFormAction(
           request.url()))
     return NavigationPolicyIgnore;