Don't process HSTS/HPKP headers when host is an IP address

net/test/spawned_test_server/base_test_server.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
 
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 43 matching lines @@
       // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
       CERT_AUTO,
 
       CERT_MISMATCHED_NAME,
       CERT_EXPIRED,
       // Cross-signed certificate to test PKIX path building. Contains an
       // intermediate cross-signed by an unknown root, while the client (via
       // TestRootStore) is expected to have a self-signed version of the
       // intermediate.
       CERT_CHAIN_WRONG_ROOT,
+
+      // Causes the testserver to use a hostname that is a domain
+      // instead of an IP.
+      CERT_COMMON_NAME_IS_DOMAIN,

[Ryan Sleevi, 2015/04/04 00:35:24]

So unlike 57-63, this isn't an error case.

How about moving this block to line 52, and renaming it something like

CERT_OK_FOR_LOCALHOST


To indicate it's a valid cert and such.

[estark, 2015/04/06 16:41:13]

Done.

     };
 
     // OCSPStatus enumerates the types of OCSP response that the testserver
     // can produce.
     enum OCSPStatus {
       OCSP_OK,
       OCSP_REVOKED,
       OCSP_INVALID,
       OCSP_UNAUTHORIZED,
       OCSP_UNKNOWN,
@@ skipping 253 matching lines @@
   bool ws_basic_auth_;
 
   scoped_ptr<ScopedPortException> allowed_port_;
 
   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
 };
 
 }  // namespace net
 
 #endif  // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_