With PlzNavigate, the 'frame-src'/'child-src' and 'form-action' CSP are checked on the renderer, it works in the main case, but it fails when there is a redirect since the navigation is no more handled by the renderer at this moment.
This two CSP should be enforced on the browser-side.
Putting it back. I mistook the directives mentioned here for the 'frame-ancestor' directive. 'frame-ancestor' we don't need to execute on redirects, but these ones should be executed on redirects.
Comment 1 by clamy@chromium.org
, Jan 25 2017