Move PlzNavigate frame-src CSP check to NavigationRequest

content/browser/frame_host/navigation_request.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/navigation_request.h"
 
 #include <utility>
 
 #include "base/memory/ptr_util.h"
 #include "content/browser/appcache/appcache_navigation_handle.h"
@@ skipping 365 matching lines @@
 
 NavigationRequest::~NavigationRequest() {
   TRACE_EVENT_ASYNC_END0("navigation", "NavigationRequest", this);
 }
 
 void NavigationRequest::BeginNavigation() {
   DCHECK(!loader_);
   DCHECK(state_ == NOT_STARTED || state_ == WAITING_FOR_RENDERER_RESPONSE);
   TRACE_EVENT_ASYNC_STEP_INTO0("navigation", "NavigationRequest", this,
                                "BeginNavigation");
+
   state_ = STARTED;
+
+  // Check Content Security Policy before the NavigationThrottles run. This
+  // gives CSP a chance to modify requests that NavigationThrottles would
+  // otherwise block. Similarly, the NavigationHandle is created afterwards, so
+  // that it gets the request URL after potentially being modified by CSP.
+  if (CheckContentSecurityPolicyFrameSrc(false /* is redirect */) ==
+      CONTENT_SECURITY_POLICY_CHECK_FAILED) {
+    // Create a navigation handle so that the correct error code can be set on
+    // it by OnRequestFailed().
+    CreateNavigationHandle();
+    OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT);
+
+    // DO NOT ADD CODE after this. The previous call to OnRequestFailed has
+    // destroyed the NavigationRequest.
+    return;
+  }
+
   CreateNavigationHandle();
 
   RenderFrameDevToolsAgentHost::OnBeforeNavigation(navigation_handle_.get());
 
   if (ShouldMakeNetworkRequestForURL(common_params_.url) &&
       !navigation_handle_->IsSameDocument()) {
     // It's safe to use base::Unretained because this NavigationRequest owns
     // the NavigationHandle where the callback will be stored.
     // TODO(clamy): pass the method to the NavigationHandle instead of a
     // boolean.
@@ skipping 104 matching lines @@
   request_params_.redirect_response.push_back(response->head);
   request_params_.redirect_infos.push_back(redirect_info);
 
   request_params_.redirects.push_back(common_params_.url);
   common_params_.url = redirect_info.new_url;
   common_params_.method = redirect_info.new_method;
   common_params_.referrer.url = GURL(redirect_info.new_referrer);
   common_params_.referrer =
       Referrer::SanitizeForRequest(common_params_.url, common_params_.referrer);
 
+  // Check Content Security Policy before the NavigationThrottles run. This
+  // gives CSP a chance to modify requests that NavigationThrottles would
+  // otherwise block.
+  if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) ==
+      CONTENT_SECURITY_POLICY_CHECK_FAILED) {
+    OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT);
+
+    // DO NOT ADD CODE after this. The previous call to OnRequestFailed has
+    // destroyed the NavigationRequest.
+    return;
+  }
+
   // For non browser initiated navigations we need to check if the source has
   // access to the URL. We always allow browser initiated requests.
   // TODO(clamy): Kill the renderer if FilterURL fails?
   GURL url = common_params_.url;
   if (!browser_initiated_ && source_site_instance()) {
     source_site_instance()->GetProcess()->FilterURL(false, &url);
     // FilterURL sets the URL to about:blank if the CSP checks prevent the
     // renderer from accessing it.
     if ((url == url::kAboutBlankURL) && (url != common_params_.url)) {
       navigation_handle_->set_net_error_code(net::ERR_ABORTED);
@@ skipping 366 matching lines @@
 
   DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture);
 
   render_frame_host->CommitNavigation(response_.get(), std::move(body_),
                                       std::move(handle_), common_params_,
                                       request_params_, is_view_source_);
 
   frame_tree_node_->ResetNavigationRequest(true, true);
 }
 
+NavigationRequest::ContentSecurityPolicyCheckResult
+NavigationRequest::CheckContentSecurityPolicyFrameSrc(bool is_redirect) {
+  if (common_params_.url.SchemeIs(url::kAboutScheme))
+    return CONTENT_SECURITY_POLICY_CHECK_PASSED;
+
+  if (common_params_.should_check_main_world_csp ==
+      CSPDisposition::DO_NOT_CHECK) {
+    return CONTENT_SECURITY_POLICY_CHECK_PASSED;
+  }
+
+  // The CSP frame-src directive only applies to subframes.
+  if (frame_tree_node()->IsMainFrame())
+    return CONTENT_SECURITY_POLICY_CHECK_PASSED;
+
+  FrameTreeNode* parent_ftn = frame_tree_node()->parent();
+  DCHECK(parent_ftn);
+  RenderFrameHostImpl* parent = parent_ftn->current_frame_host();
+  DCHECK(parent);
+
+  if (parent->IsAllowedByCsp(
+          CSPDirective::FrameSrc, common_params_.url, is_redirect,
+          common_params_.source_location.value_or(SourceLocation()))) {
+    return CONTENT_SECURITY_POLICY_CHECK_PASSED;
+  }
+
+  return CONTENT_SECURITY_POLICY_CHECK_FAILED;
+}
+
 }  // namespace content