PlzNavigate: Do not disclose urls between cross-origin renderers.

content/common/content_security_policy/csp_context.h

Index: content/common/content_security_policy/csp_context.h
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h
index cc5f3b50873a7a62ce363cf3cf9f14f74ce28827..4cf89b92001ff51ed3ec4abfb00a510eefb0e662 100644
--- a/content/common/content_security_policy/csp_context.h
+++ b/content/common/content_security_policy/csp_context.h
@@ -55,6 +55,20 @@ class CONTENT_EXPORT CSPContext {
 
   virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);
 
+  // For security reasons, some urls must not be disclosed cross-origin in
+  // violation reports. This includes the blocked url and the url of the
+  // initiator of the navigation. This information is potentially transmitted
+  // between different renderer processes.
+  // TODO(arthursonzogni): Stop hiding sensitive parts of URLs in console error
+  // messages as soon as there is a way to send them to the devtools process
+  // without the round trip in the renderer process.
+  // See https://crbug.com/721329
+  virtual void SanitizeDataForUseInCspViolation(
+      bool is_redirect,
+      CSPDirective::Name directive,
+      GURL* blocked_url,
+      SourceLocation* source_location) const;
+
  private:
   bool has_self_ = false;
   std::string self_scheme_;