Index: content/browser/ssl/ssl_policy.cc |
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc |
index 1d7c981b6e62b5fc49b4d739a8366973be5b51df..b66b47c7ba1a719870206c406a0e97ff56470930 100644 |
--- a/content/browser/ssl/ssl_policy.cc |
+++ b/content/browser/ssl/ssl_policy.cc |
@@ -195,6 +195,11 @@ void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, |
return; |
} |
+ // For HSTS hosts all certificate errors are fatal (the user cannot bypass). |
+ // This is indicated by the |must_be_fatal()| flag. |
+ if (handler->must_be_fatal()) |
+ overridable = false; |
wtc
2011/09/23 00:04:51
I think it is better to move this code to the
SSLP
|
+ |
Callback2<SSLCertErrorHandler*, bool>::Type* callback = |
NewCallback(this, &SSLPolicy::OnAllowCertificate); |
content::GetContentClient()->browser()->AllowCertificateError( |