Make HSTS headers not clobber preloaded pins.

net/http/transport_security_state.cc

Index: net/http/transport_security_state.cc
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index 2515a4bec53b5f055e8e32bd1b5179cbcb2b6649..7836ae802fc7ac5619eb6d42122a68589802b0b7 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -607,7 +607,7 @@ bool TransportSecurityState::AddHSTSHeader(const std::string& host,
   base::Time now = base::Time::Now();
   base::TimeDelta max_age;
   TransportSecurityState::DomainState domain_state;
-  GetDynamicDomainState(host, &domain_state);
+  GetDomainState(host, true, &domain_state);

[agl, 2013/12/18 15:49:19]

GetDomainState(host, true /* SNI enabled */, &domain_state);

(And below.)

[palmer, 2013/12/18 21:04:40]

Done.

   if (ParseHSTSHeader(value, &max_age, &domain_state.sts_include_subdomains)) {
     // Handle max-age == 0
     if (max_age.InSeconds() == 0)
@@ -630,7 +630,7 @@ bool TransportSecurityState::AddHPKPHeader(const std::string& host,
   base::Time now = base::Time::Now();
   base::TimeDelta max_age;
   TransportSecurityState::DomainState domain_state;
-  GetDynamicDomainState(host, &domain_state);
+  GetDomainState(host, true, &domain_state);
   if (ParseHPKPHeader(value, ssl_info.public_key_hashes,
                       &max_age, &domain_state.pkp_include_subdomains,
                       &domain_state.dynamic_spki_hashes)) {