PlzNavigate: Do not disclose urls between cross-origin renderers.

content/common/content_security_policy/csp_context.h

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_
 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_
 
 #include <vector>
 
 #include "content/common/content_export.h"
@@ skipping 37 matching lines @@
 
   bool SelfSchemeShouldBypassCsp();
 
   void ResetContentSecurityPolicies() { policies_.clear(); }
   void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) {
     policies_.push_back(policy);
   }
 
   virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);
 
+  // For security reasons, some urls must not be disclosed cross-origin in
+  // violation reports. This includes the blocked url and the url of the
+  // initiator of the navigation. This information is potentially transmitted
+  // between different renderer processes.
+  // TODO(arthursonzogni): Stop hiding sensitive parts of URLs in console error
+  // messages as soon as there is a way to send them to the devtools process
+  // without the round trip in the renderer process.
+  // See https://crbug.com/721329
+  virtual void SanitizeDataForUseInCspViolation(
+      bool is_redirect,
+      CSPDirective::Name directive,
+      GURL* blocked_url,
+      SourceLocation* source_location) const;
+
  private:
   bool has_self_ = false;
   std::string self_scheme_;
   CSPSource self_source_;
 
   std::vector<ContentSecurityPolicy> policies_;
 
   DISALLOW_COPY_AND_ASSIGN(CSPContext);
 };
 
@@ skipping 38 matching lines @@
 
   // Whether or not the violation happens after a redirect.
   bool after_redirect;
 
   // The source code location that triggered the blocked navigation.
   SourceLocation source_location;
 };
 
 }  // namespace content
 #endif  // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_