From fe50e76fa445ff8e6fc3d18bb4b8d3a6b1408730 Mon Sep 17 00:00:00 2001 From: lgarron Date: Mon, 11 May 2015 16:14:28 -0700 Subject: [PATCH] Switch Fizzy //components to use SchemeIsCryptographic() instead of SchemeIsSecure(). We recently introduced SchemeIsCryptographic() and IsOriginSecure(), which are meant to replace SchemeIsSecure(). IsOriginSecure() roughly means "do we trust this content not to be tampered with before it reaches the user?" [1] This is a higher-level definition that corresponds to the new "privileged contexts" spec. [2] SchemeIsCryptographic() [3] is close to the old definition of SchemeIsSecure(), and literally just checks if the scheme is a cryptographic scheme (HTTPS or WSS as of right now). The difference is that SchemeIsCryptographic() will not consider filesystem URLs secure. [1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866 [2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/ [3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666 BUG=362214 Review URL: https://codereview.chromium.org/1128363006 Cr-Commit-Position: refs/heads/master@{#329269} --- .../autofill/content/browser/wallet/wallet_service_url_unittest.cc | 2 +- components/content_settings/core/browser/host_content_settings_map.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/autofill/content/browser/wallet/wallet_service_url_unittest.cc b/components/autofill/content/browser/wallet/wallet_service_url_unittest.cc index de289e668e69..9bab781ef58e 100644 --- a/components/autofill/content/browser/wallet/wallet_service_url_unittest.cc +++ b/components/autofill/content/browser/wallet/wallet_service_url_unittest.cc @@ -115,7 +115,7 @@ TEST(WalletServiceUrl, IsUsingProd) { } TEST(WalletServiceUrl, IsSignInContinueUrl) { - EXPECT_TRUE(GetSignInContinueUrl().SchemeIsSecure()); + EXPECT_TRUE(GetSignInContinueUrl().SchemeIsCryptographic()); base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); command_line->AppendSwitchASCII(switches::kWalletServiceUseSandbox, "1"); diff --git a/components/content_settings/core/browser/host_content_settings_map.cc b/components/content_settings/core/browser/host_content_settings_map.cc index 73dd8092522d..0294e3ab7f96 100644 --- a/components/content_settings/core/browser/host_content_settings_map.cc +++ b/components/content_settings/core/browser/host_content_settings_map.cc @@ -659,7 +659,7 @@ bool HostContentSettingsMap::ShouldAllowAllContent( #endif if (secondary_url.SchemeIs(kChromeUIScheme) && content_type == CONTENT_SETTINGS_TYPE_COOKIES && - primary_url.SchemeIsSecure()) { + primary_url.SchemeIsCryptographic()) { return true; } #if defined(ENABLE_EXTENSIONS) -- 2.11.4.GIT