CSP: Use a specified frame for reporting 'frame-ancestors' violations.

Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 107 matching lines @@
     bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowObjectFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowChildFrameFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowImageFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowFormAction(const KURL&, ReportingStatus = SendReport) const;
     bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
-    bool allowAncestors(LocalFrame*, ReportingStatus = SendReport) const;
+    bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport) const;
     bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
     bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
 
     // The nonce and hash allow functions are guaranteed to not have any side
     // effects, including reporting.
     // Nonce/Hash functions check all policies relating to use of a script/style
     // with the given nonce/hash and return true all CSP policies allow it.
     // If these return true, callers can then process the content or
     // issue a load and be safe disabling any further CSP checks.
     bool allowScriptWithNonce(const String& nonce) const;
     bool allowStyleWithNonce(const String& nonce) const;
     bool allowScriptWithHash(const String& source) const;
     bool allowStyleWithHash(const String& source) const;
 
     void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
     void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
 
     ReflectedXSSDisposition reflectedXSSDisposition() const;
 
     ReferrerPolicy referrerPolicy() const;
     bool didSetReferrerPolicy() const;
 
     void setOverrideAllowInlineStyle(bool);
     void setOverrideURLForSelf(const KURL&);
 
     bool isActive() const;
 
-    void logToConsole(PassRefPtr<ConsoleMessage>);
+    // If a frame is passed in, the message will be logged to its active document's console.
+    // Otherwise, the message will be logged to this object's |m_executionContext|.
+    void logToConsole(PassRefPtr<ConsoleMessage>, LocalFrame* = 0);
 
     void reportDirectiveAsSourceExpression(const String& directiveName, const String& sourceExpression);
     void reportDuplicateDirective(const String&);
     void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value);
     void reportInvalidPathCharacter(const String& directiveName, const String& value, const char);
     void reportInvalidPluginTypes(const String&);
     void reportInvalidSandboxFlags(const String&);
     void reportInvalidSourceExpression(const String& directiveName, const String& source);
     void reportInvalidReflectedXSS(const String&);
     void reportMissingReportURI(const String&);
     void reportUnsupportedDirective(const String&);
     void reportInvalidInReportOnly(const String&);
     void reportInvalidReferrer(const String&);
     void reportReportOnlyInMeta(const String&);
     void reportMetaOutsideHead(const String&);
-    void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header);
+
+    // If a frame is passed in, the report will be sent using it as a context. If no frame is
+    // passed in, the report will be sent via this object's |m_executionContext| (or dropped
+    // on the floor if no such context is available).
+    void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, LocalFrame* = 0);
 
     void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
 
     const KURL url() const;
     void enforceSandboxFlags(SandboxFlags);
     String evalDisabledErrorMessage() const;
 
     bool urlMatchesSelf(const KURL&) const;
     bool protocolMatchesSelf(const KURL&) const;
 
@@ skipping 35 matching lines @@
     SandboxFlags m_sandboxMask;
     ReferrerPolicy m_referrerPolicy;
     String m_disableEvalErrorMessage;
 
     OwnPtr<CSPSource> m_selfSource;
 };
 
 }
 
 #endif