Replicate feature policy container policies.

third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp b/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
index 097190ad126078692b3ade36bd3d0efe4c140a42..db5b4a6addb8db04e009a7567fff4254275eb0c6 100644
--- a/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
@@ -206,9 +206,10 @@ void HTMLFrameOwnerElement::setSandboxFlags(SandboxFlags flags) {
   m_sandboxFlags = flags;
   // Don't notify about updates if contentFrame() is null, for example when
   // the subframe hasn't been created yet.
-  if (contentFrame())
-    document().frame()->loader().client()->didChangeSandboxFlags(contentFrame(),
-                                                                 flags);
+  if (contentFrame()) {
+    document().frame()->loader().client()->didChangeFramePolicy(
+        contentFrame(), m_sandboxFlags, m_containerPolicy);
+  }
 }
 
 bool HTMLFrameOwnerElement::isKeyboardFocusable() const {
@@ -223,7 +224,19 @@ void HTMLFrameOwnerElement::disposeWidgetSoon(FrameViewBase* frameViewBase) {
   frameViewBase->dispose();
 }
 
+void HTMLFrameOwnerElement::updateContainerPolicy() {
+  m_containerPolicy = getContainerPolicyFromAllowedFeatures(
+      allowedFeatures(), SecurityOrigin::create(m_absoluteURL));

[alexmos, 2017/04/06 00:44:22]

Is creating an origin directly from the src URL really the right thing for
feature policy?  Would it work for cases like about:blank which inherits the
parent origin, iframe sandbox flags which would typically make the frame's real
origin unique, etc?

[iclelland, 2017/04/09 03:25:54]

The way we have defined it in the spec, specifying a frame policy like `<iframe
src="url" allow="feature">` should construct a policy that enables the feature
in the frame, just for the origin of the document specified by "url". If the
framed document subsequently navigates itself to a different domain, then the
feature will not be enabled in the navigated-to document. (There are other
mechanisms for specifying that all origins should be allowed, but the default is
to respect the src attribute as the intention of the parent document).

about:blank is an interesting case that I hadn't considered. Perhaps rather than
storing m_absoluteURL, I should factor that out into a method here, something
like 'getEffectiveFeaturePolicyOrigin' that would handle all of the edge cases
and return the origin that should be used.

+  // Don't notify about updates if contentFrame() is null, for example when
+  // the subframe hasn't been created yet.
+  if (contentFrame()) {
+    document().frame()->loader().client()->didChangeFramePolicy(
+        contentFrame(), m_sandboxFlags, m_containerPolicy);
+  }
+}
+
 void HTMLFrameOwnerElement::frameOwnerPropertiesChanged() {
+  updateContainerPolicy();

[lunalu1, 2017/04/05 22:30:03]

I don't think we need to update it here?

[iclelland, 2017/04/09 03:25:54]

Thanks; that was older code from a previous iteration I should have removed.
Done.

   // Don't notify about updates if contentFrame() is null, for example when
   // the subframe hasn't been created yet.
   if (contentFrame())
@@ -240,6 +253,10 @@ HTMLFrameOwnerElement::allowedFeatures() const {
   return features;
 }
 
+const WebParsedFeaturePolicy& HTMLFrameOwnerElement::containerPolicy() const {
+  return m_containerPolicy;
+}
+
 Document* HTMLFrameOwnerElement::getSVGDocument(
     ExceptionState& exceptionState) const {
   Document* doc = contentDocument();
@@ -308,6 +325,9 @@ bool HTMLFrameOwnerElement::loadOrRedirectSubframe(
     const KURL& url,
     const AtomicString& frameName,
     bool replaceCurrentItem) {
+  m_absoluteURL = url;

[lunalu1, 2017/04/05 22:30:03]

it seems like this is the only place this url is used. Why can't we just pass
this url to updateContainerPolicy() so that we don't need to store it as a class
member?

[iclelland, 2017/04/09 03:25:54]

Thanks for catching that -- we don't need to anymore, so I've removed it.

+  updateContainerPolicy();
+
   LocalFrame* parentFrame = document().frame();
   if (contentFrame()) {
     contentFrame()->navigate(document(), url, replaceCurrentItem,