CSP: group policies in didAddContentSecurityPolicy.

content/browser/frame_host/render_frame_host_impl.cc

Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 9dc86b4f96263aa8249ac51ddd7ca8cb3f81fe1c..aa4bbbb5ceb1e79cae7dcdc8e2e6afa1ef846b27 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -769,8 +769,8 @@ bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message &msg) {
     IPC_MESSAGE_HANDLER(FrameHostMsg_DidChangeName, OnDidChangeName)
     IPC_MESSAGE_HANDLER(FrameHostMsg_DidSetFeaturePolicyHeader,
                         OnDidSetFeaturePolicyHeader)
-    IPC_MESSAGE_HANDLER(FrameHostMsg_DidAddContentSecurityPolicy,
-                        OnDidAddContentSecurityPolicy)
+    IPC_MESSAGE_HANDLER(FrameHostMsg_DidAddContentSecurityPolicies,
+                        OnDidAddContentSecurityPolicies)
     IPC_MESSAGE_HANDLER(FrameHostMsg_EnforceInsecureRequestPolicy,
                         OnEnforceInsecureRequestPolicy)
     IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateToUniqueOrigin,
@@ -1927,12 +1927,14 @@ void RenderFrameHostImpl::OnDidSetFeaturePolicyHeader(
   feature_policy_->SetHeaderPolicy(parsed_header);
 }
 
-void RenderFrameHostImpl::OnDidAddContentSecurityPolicy(
-    const ContentSecurityPolicyHeader& header,
+void RenderFrameHostImpl::OnDidAddContentSecurityPolicies(
     const std::vector<ContentSecurityPolicy>& policies) {
-  frame_tree_node()->AddContentSecurityPolicy(header);
-  for (const ContentSecurityPolicy& policy : policies)
+  std::vector<ContentSecurityPolicyHeader> headers;
+  for (const ContentSecurityPolicy& policy : policies) {
     AddContentSecurityPolicy(policy);
+    headers.push_back(policy.header);

[alexmos, 2017/03/25 01:46:27]

Sanity check: your old comment on RFHI::OnDidAddContentSecurityPolicy mentioned
that it was possible for one header to correspond to multiple policies (the
RFC2616 Sec 4.2 case).  Could this now result in duplicate headers being added
if multiple policies corresponded to the same comma-separated header line?  Or
does policy.header correspond to just one header in the case of comma-separated
headers?

[arthursonzogni, 2017/03/27 12:03:52]

The headers that contains multiple policies are split in
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp.
The ContentSecurityPolicy object contains exactly one header.

Before this patch, multiple IPC were sent, one per header and one header could
contain multiples policies. After this patch, one IPC is sent, it contains
multiples policies and a policy contains exactly header.

[alexmos, 2017/03/27 18:27:22]

Acknowledged.

+  }
+  frame_tree_node()->AddContentSecurityPolicies(headers);
 }
 
 void RenderFrameHostImpl::OnEnforceInsecureRequestPolicy(