PlzNavigate: Do not disclose urls between cross-origin renderers.

content/common/content_security_policy/csp_context.h

Index: content/common/content_security_policy/csp_context.h
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h
index cc5f3b50873a7a62ce363cf3cf9f14f74ce28827..54cd947c3de0e28367b3e8ec4ffb64a888e261d9 100644
--- a/content/common/content_security_policy/csp_context.h
+++ b/content/common/content_security_policy/csp_context.h
@@ -55,6 +55,11 @@ class CONTENT_EXPORT CSPContext {
 
   virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);
 
+  // For security reasons, some urls must not be disclosed in console error
+  // messages, source location and reports. When this function returns false,

[alexmos, 2017/05/10 22:33:08]

Note: using those URLs in console error messages is fine/fixable, as long as
only the devtools process knows them, and we don't pass them through the
renderer process (see by comment on the disabled tests below).

[arthursonzogni, 2017/05/11 13:06:23]

Yes, using those URLs will be fine as soon as we will be able to send console
error message directly to the devtool process without using the renderer process
in between. I don't know how hard it is.

+  // only the url's origin is displayed instead.

[alexmos, 2017/05/10 22:33:08]

This latter part doesn't apply to SourceLocation, which you clear out entirely,
so perhaps the wording can account for that?  (I.e., it can clarify that it's
the blocked_url in violation events that is converted to origins.)

[arthursonzogni, 2017/05/11 13:06:23]

source_location is used in console message and in reports.
I need to fix this comment. It looks weird.

+  virtual bool IsOriginSafeToUseInCspViolation(const url::Origin& origin) const;
+
  private:
   bool has_self_ = false;
   std::string self_scheme_;