Block redirects to renderer-debug urls.

content/public/browser/child_process_security_policy.h

Index: content/public/browser/child_process_security_policy.h
diff --git a/content/public/browser/child_process_security_policy.h b/content/public/browser/child_process_security_policy.h
index 1bbe218dc6009e3b36b09fde7c7cd9113e8506c7..396777370d11c4f050842f45044d76df644a3d56 100644
--- a/content/public/browser/child_process_security_policy.h
+++ b/content/public/browser/child_process_security_policy.h
@@ -87,6 +87,9 @@ class ChildProcessSecurityPolicy {
   // calls this method to determine whether it is safe.
   virtual bool CanRequestURL(int child_id, const GURL& url) = 0;
 
+  // Determine whether a redirect is allowed to proceed.

[Charlie Reis, 2017/07/07 17:13:00]

Please clarify why this needs to be different than CanRequestURL.  It's not
obvious at first glance how they would differ.

[arthursonzogni, 2017/07/10 16:07:04]

Done.

+  virtual bool CanRedirectToURL(const GURL& url) = 0;

[Charlie Reis, 2017/07/07 17:13:00]

This doesn't appear to be used outside content/, so it shouldn't be in the
public interface.  Can you make it be a public method on
ChildProcessSecurityPolicyImpl instead?

[arthursonzogni, 2017/07/10 16:07:04]

Done.

+
   // Whether the process is allowed to commit a document from the given URL.
   // This is more restrictive than CanRequestURL, since CanRequestURL allows
   // requests that might lead to cross-process navigations or external protocol