PlzNavigate & CSP. Use the SourceLocation in violation reports.

content/browser/frame_host/ancestor_throttle.cc

Index: content/browser/frame_host/ancestor_throttle.cc
diff --git a/content/browser/frame_host/ancestor_throttle.cc b/content/browser/frame_host/ancestor_throttle.cc
index cba286784a2e914a9f35e79578900da220198d10..d1e685b21e018115181af96dbed6eda4d0b82214 100644
--- a/content/browser/frame_host/ancestor_throttle.cc
+++ b/content/browser/frame_host/ancestor_throttle.cc
@@ -189,10 +189,12 @@ AncestorThrottle::CheckContentSecurityPolicyFrameSrc(bool is_redirect) {
   RenderFrameHostImpl* parent = parent_ftn->current_frame_host();
   DCHECK(parent);
 
-  if (!parent->IsAllowedByCsp(CSPDirective::FrameSrc, url, is_redirect))
-    return NavigationThrottle::BLOCK_REQUEST;
+  if (parent->EnforceCsp(CSPDirective::FrameSrc, url, is_redirect,

[arthursonzogni, 2017/03/21 16:20:38]

While I added the SourceLocation argument to this function, I choose to change
the "IsAllowedByCsp" name, because it was not clear that this function produces
side-effects.
It is probably unrelated to this CL though, let me know what do you think.

[Mike West, 2017/03/22 08:57:38]

It seems odd to diverge from Blink's implementation. There we do something like
`policy->allowRequest(...)` and pass in an enum that governs whether or not
we're just checking the result or doing reporting. I'd suggest splitting this
change out into a separate patch so we have a chance to discuss the model in a
little more detail.

[arthursonzogni, 2017/03/22 09:38:35]

Okay, let's do this!

+                         handle->source_location())) {
+    return NavigationThrottle::PROCEED;
+  }
 
-  return NavigationThrottle::PROCEED;
+  return NavigationThrottle::BLOCK_REQUEST;
 }
 
 NavigationThrottle::ThrottleCheckResult AncestorThrottle::WillStartRequest() {