PlzNavigate: Enforce 'form-action' CSP on the browser-side.

content/browser/frame_host/navigation_handle_impl.cc

Index: content/browser/frame_host/navigation_handle_impl.cc
diff --git a/content/browser/frame_host/navigation_handle_impl.cc b/content/browser/frame_host/navigation_handle_impl.cc
index b1b8887dcf7ffab33730e28b9117c9ae4a336636..42f0cf3cb8169c08276528e79484f5b102d03e55 100644
--- a/content/browser/frame_host/navigation_handle_impl.cc
+++ b/content/browser/frame_host/navigation_handle_impl.cc
@@ -14,6 +14,7 @@
 #include "content/browser/devtools/render_frame_devtools_agent_host.h"
 #include "content/browser/frame_host/ancestor_throttle.h"
 #include "content/browser/frame_host/debug_urls.h"
+#include "content/browser/frame_host/form_submission_throttle.h"
 #include "content/browser/frame_host/frame_tree_node.h"
 #include "content/browser/frame_host/mixed_content_navigation_throttle.h"
 #include "content/browser/frame_host/navigation_controller_impl.h"
@@ -65,11 +66,12 @@ std::unique_ptr<NavigationHandleImpl> NavigationHandleImpl::Create(
     const base::TimeTicks& navigation_start,
     int pending_nav_entry_id,
     bool started_from_context_menu,
-    bool should_bypass_main_world_csp) {
+    bool should_bypass_main_world_csp,
+    bool is_form_submission) {
   return std::unique_ptr<NavigationHandleImpl>(new NavigationHandleImpl(
       url, redirect_chain, frame_tree_node, is_renderer_initiated, is_same_page,
       navigation_start, pending_nav_entry_id, started_from_context_menu,
-      should_bypass_main_world_csp));
+      should_bypass_main_world_csp, is_form_submission));
 }
 
 NavigationHandleImpl::NavigationHandleImpl(
@@ -81,7 +83,8 @@ NavigationHandleImpl::NavigationHandleImpl(
     const base::TimeTicks& navigation_start,
     int pending_nav_entry_id,
     bool started_from_context_menu,
-    bool should_bypass_main_world_csp)
+    bool should_bypass_main_world_csp,
+    bool is_form_submission)
     : url_(url),
       has_user_gesture_(false),
       transition_(ui::PAGE_TRANSITION_LINK),
@@ -112,6 +115,7 @@ NavigationHandleImpl::NavigationHandleImpl(
       restore_type_(RestoreType::NONE),
       navigation_type_(NAVIGATION_TYPE_UNKNOWN),
       should_bypass_main_world_csp_(should_bypass_main_world_csp),
+      is_form_submission_(is_form_submission),
       weak_factory_(this) {
   DCHECK(!navigation_start.is_null());
   if (redirect_chain_.empty())
@@ -906,6 +910,20 @@ void NavigationHandleImpl::RegisterNavigationThrottles() {
   std::vector<std::unique_ptr<NavigationThrottle>> throttles_to_register =
       GetDelegate()->CreateThrottlesForNavigation(this);
 
+  std::unique_ptr<content::NavigationThrottle> ancestor_throttle =
+      content::AncestorThrottle::MaybeCreateThrottleFor(this);
+  if (ancestor_throttle)
+    throttles_.push_back(std::move(ancestor_throttle));
+
+  std::unique_ptr<content::NavigationThrottle> form_submission_throttle =
+      content::FormSubmissionThrottle::MaybeCreateThrottleFor(this);
+  if (form_submission_throttle)
+    throttles_.push_back(std::move(form_submission_throttle));
+
+  // Check for mixed content. We do this after the AncestorThrottle and the

[nasko, 2017/03/16 21:49:47]

nit: s/We do this/This is done/

[arthursonzogni, 2017/03/17 14:58:25]

Done.

+  // FormSubmissionThrottle so that when folks block mixed content with a CSP
+  // policy, they don't get a warning. They'll still get a warning in the
+  // console about CSP blocking the load.
   std::unique_ptr<NavigationThrottle> mixed_content_throttle =
       MixedContentNavigationThrottle::CreateThrottleForNavigation(this);
   if (mixed_content_throttle)
@@ -921,11 +939,6 @@ void NavigationHandleImpl::RegisterNavigationThrottles() {
   if (clear_site_data_throttle)
     throttles_to_register.push_back(std::move(clear_site_data_throttle));
 
-  std::unique_ptr<content::NavigationThrottle> ancestor_throttle =
-      content::AncestorThrottle::MaybeCreateThrottleFor(this);
-  if (ancestor_throttle)
-    throttles_.push_back(std::move(ancestor_throttle));
-
   throttles_.insert(throttles_.begin(),
                     std::make_move_iterator(throttles_to_register.begin()),
                     std::make_move_iterator(throttles_to_register.end()));