Initialize a default feature policy for all documents

third_party/WebKit/Source/core/dom/Document.cpp

Index: third_party/WebKit/Source/core/dom/Document.cpp
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
index 40508c11896ec1f91f886ba887cdda5c61bd8846..ab609189a293f91cf8fd33101547fc280a94cf9b 100644
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -5643,6 +5643,48 @@ HTMLLinkElement* Document::LinkManifest() const {
   return 0;
 }
 
+void Document::SetFeaturePolicy(const String& feature_policy_header) {
+  if (!RuntimeEnabledFeatures::featurePolicyEnabled())
+    return;
+
+  WebFeaturePolicy* parent_feature_policy = nullptr;
+  WebParsedFeaturePolicy container_policy;
+  Vector<String> messages;
+  const WebParsedFeaturePolicy& parsed_header =
+      ParseFeaturePolicy(feature_policy_header, GetSecurityOrigin(), &messages);
+
+  // If this frame is not the main frame, then get the appropriate parent policy
+  // and container policy to construct the policy for this frame.
+  if (frame_) {
+    if (!frame_->IsMainFrame()) {
+      parent_feature_policy =
+          frame_->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy();
+    }
+    if (frame_->Owner())
+      container_policy = frame_->Owner()->ContainerPolicy();
+  }
+
+  // Check that if there is a parent frame, that its feature policy is
+  // correctly initialized. Crash if that is not the case. (Temporary crash for
+  // isolating the cause of https://crbug.com/722333)
+  // Note that even with this check removed, the process will stil crash in
+  // feature_policy.cc when it attempts to dereference parent_feature_policy.
+  // This check is to distinguish between two possible causes.
+  if (!container_policy.empty())
+    CHECK(frame_ && (frame_->IsMainFrame() || parent_feature_policy));
+
+  InitializeFeaturePolicy(parsed_header, container_policy,
+                          parent_feature_policy);
+
+  for (auto& message : messages) {

[jbroman, 2017/05/26 18:33:16]

nit: prefer "const auto&" where possible

[iclelland, 2017/05/26 19:14:25]

Done.

+    AddConsoleMessage(
+        ConsoleMessage::Create(kOtherMessageSource, kErrorMessageLevel,
+                               "Error with Feature-Policy header: " + message));
+  }
+  if (frame_ && !parsed_header.empty())
+    frame_->Client()->DidSetFeaturePolicyHeader(parsed_header);
+}
+
 void Document::InitSecurityContext(const DocumentInit& initializer) {
   DCHECK(!GetSecurityOrigin());
 
@@ -5652,6 +5694,7 @@ void Document::InitSecurityContext(const DocumentInit& initializer) {
     cookie_url_ = KURL(kParsedURLString, g_empty_string);
     SetSecurityOrigin(SecurityOrigin::CreateUnique());
     InitContentSecurityPolicy();
+    SetFeaturePolicy("");

[jbroman, 2017/05/26 18:33:16]

super-nit: g_empty_string is slightly more efficient than "", here and below

[iclelland, 2017/05/26 19:14:26]

Done (both instances).

     // Unique security origins cannot have a suborigin
     return;
   }
@@ -5752,6 +5795,8 @@ void Document::InitSecurityContext(const DocumentInit& initializer) {
 
   if (GetSecurityOrigin()->HasSuborigin())
     EnforceSuborigin(*GetSecurityOrigin()->GetSuborigin());
+
+  SetFeaturePolicy("");
 }
 
 void Document::InitContentSecurityPolicy(ContentSecurityPolicy* csp) {