| commit | fe50e76fa445ff8e6fc3d18bb4b8d3a6b1408730 | |
| author | lgarron <lgarron@chromium.org> | |
| Mon, 11 May 2015 23:14:28 +0000 (11 16:14 -0700) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Mon, 11 May 2015 23:14:48 +0000 (11 23:14 +0000) | ||
| tree | 78638cb9b9034c8d88c7658a84a0a06c295b19e5 | treesnapshot (tar.gz zip) |
| parent | 988c697aff35b3fd347dec35f2f2ac159c8328a9 | commitdiff |
Switch Fizzy //components to use SchemeIsCryptographic() instead of SchemeIsSecure().
We recently introduced SchemeIsCryptographic() and IsOriginSecure(),
which are meant to replace SchemeIsSecure().
IsOriginSecure() roughly means "do we trust this content not to be
tampered with before it reaches the user?" [1] This is a higher-level
definition that corresponds to the new "privileged contexts" spec. [2]
SchemeIsCryptographic() [3] is close to the old definition of
SchemeIsSecure(), and literally just checks if the scheme is a
cryptographic scheme (HTTPS or WSS as of right now). The difference is
that SchemeIsCryptographic() will not consider filesystem URLs secure.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866
[2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/
[3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666
BUG=362214
Review URL: https://codereview.chromium.org/1128363006
Cr-Commit-Position: refs/heads/master@{#329269}
We recently introduced SchemeIsCryptographic() and IsOriginSecure(),
which are meant to replace SchemeIsSecure().
IsOriginSecure() roughly means "do we trust this content not to be
tampered with before it reaches the user?" [1] This is a higher-level
definition that corresponds to the new "privileged contexts" spec. [2]
SchemeIsCryptographic() [3] is close to the old definition of
SchemeIsSecure(), and literally just checks if the scheme is a
cryptographic scheme (HTTPS or WSS as of right now). The difference is
that SchemeIsCryptographic() will not consider filesystem URLs secure.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866
[2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/
[3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666
BUG=362214
Review URL: https://codereview.chromium.org/1128363006
Cr-Commit-Position: refs/heads/master@{#329269}
| components/autofill/content/browser/wallet/wallet_service_url_unittest.cc | diffblobblamehistory | |
| components/content_settings/core/browser/host_content_settings_map.cc | diffblobblamehistory |