Forgot to mention, need to run wpt server

Thanks for the report!  Can you clarify what you mean by "replicated state isn't replicated correctly either?"  A null origin might be expected in some cases, such as data URLs, so I'm not sure if there's a more general bug here.

For reference, I think this is the patch you're referring to, correct?
https://chromium-review.googlesource.com/c/chromium/src/+/887324/4/content/renderer/render_frame_proxy.cc

Re creis@, yes, that is what I am referring to. Sorry for the confusion. 

Thanks.  dcheng@, can you help triage this?  Sounds like you were chatting with loonybear@ about it.

loonybear@: Can you elaborate what the bug is here?  I just tested geolocation in an OOPIF (by injecting https://csreis.github.io/tests/geolocation.html into an iframe in https://www.chromium.org with an allow="geolocation" attribute) and it worked.

Context:
https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes

Sorry, I should have been more clear.

Yes it will work properly a document with a OOPIF iframe.

It is the nested case that it is not working:

Top-level: a.com (http header "Feature-Policy: fullscreen *")
    <iframe src="b.com"> (http header "Feature-Policy: fullscreen *")
        <iframe src="c.com"> fullscreen should be allowed here through inheritance but the header policies are not replicated properly here
        </iframe>
    </iframe>

I've been trying to track this down today as well. It may be a matter of the feature policy header (not the allow attribute) not being replicated properly on navigation commit, but that's speculation at this point.

You can also replicate this with the external/wpt/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html layout test, if you enable site isolation, and --isolate-origins all of the WPT origins.

That test fails on one test case (with five successes):
PASS Test nested header policy with local iframe on policy "fullscreen *"
PASS Test nested header policy with local iframe on policy "fullscreen 'self'"
PASS Test nested header policy with local iframe on policy "fullscreen 'none'"
FAIL Test nested header policy with remote iframe on policy "fullscreen *" assert_true: remote_all: expected true got false
PASS Test nested header policy with remote iframe on policy "fullscreen 'self'"
PASS Test nested header policy with remote iframe on policy "fullscreen 'none'"

However, it is sensitive to the ordering of the tests: it doesn't fail if you try to isolate just that one case. If it runs after any of the other tests, it will fail. In fact, either of the "fullscreen *" tests will fail if they are not the first test case.

I think I've tracked this down to this scenario, which is apparently not covered by browser tests:

If an existing frame (with an existing proxy in another process) is navigated to a page with a feature policy header, that header is sent to the browser, and stored in the FTN's frame_replication_state, but is *not* replicated to the proxy. Then, if another frame in the remote site is created within that one, it constructs the feature policy based on incorrect information about its parent.

I have a fix for this that needs some cleanup; I'm going do that, and add a browser test to verify it.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/edb8c5dd6699e8c461f6ed24c863d31b44242f9c

commit edb8c5dd6699e8c461f6ed24c863d31b44242f9c
Author: Ian Clelland <iclelland@chromium.org>
Date: Thu Mar 01 17:01:37 2018

Update feature policy header in proxies on nav

The Feature-Policy HTTP header was not being properly replicated when
set in a frame for which proxies already exist. This change fixes the
problem by ensuring that the header is sent to RenderFrameProxy objects
and properly updated there after a nagivation commits.

Bug:  814887 
Change-Id: I8dc5bcd3b0af28c36183d467ff5b886062dc41a3
Reviewed-on: https://chromium-review.googlesource.com/940422
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540189}
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/browser/frame_host/frame_tree_node.cc
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/browser/frame_host/frame_tree_node.h
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/browser/frame_host/render_frame_host_manager.cc
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/browser/frame_host/render_frame_host_manager.h
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/common/frame_messages.h
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/renderer/render_frame_proxy.cc
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/renderer/render_frame_proxy.h
[add] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/test/data/feature-policy3.html
[add] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/test/data/feature-policy3.html.mock-http-headers
[add] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/content/test/data/feature-policy4.html
[modify] https://crrev.com/edb8c5dd6699e8c461f6ed24c863d31b44242f9c/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process