Block redirects to renderer-debug urls.

content/browser/child_process_security_policy_impl.h

Index: content/browser/child_process_security_policy_impl.h
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index 5a5e7407064fe1a0ba9dcb3c8ae2985d74e4051f..60dc521045f282335bac7c5e37c906f0917845a8 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -270,6 +270,13 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   // as ensuring that there are no active SiteInstances in that origin.
   void RemoveIsolatedOriginForTesting(const url::Origin& origin);
 
+  // Returns false for redirects that must be blocked no matter which renderer
+  // process initiated the request (if any).
+  // Note: Checking CanRedirectToURL is not enough. CanRequestURL(child_id, url)
+  //       represents a stricter subset. It must also be used for
+  //       renderer-initiated navigations.
+  bool CanRedirectToURL(const GURL& url);
+
  private:
   friend class ChildProcessSecurityPolicyInProcessBrowserTest;
   friend class ChildProcessSecurityPolicyTest;