Switch web API/permission code to use IsOriginSecure() instead of SchemeIsSecure().

content/browser/appcache/appcache_update_job.cc

Index: content/browser/appcache/appcache_update_job.cc
diff --git a/content/browser/appcache/appcache_update_job.cc b/content/browser/appcache/appcache_update_job.cc
index 4b212861222e0f15a560f871888c4f64860f7ed2..881e23b4f4b63cfd5dd219855c0e7605ac3e83c5 100644
--- a/content/browser/appcache/appcache_update_job.cc
+++ b/content/browser/appcache/appcache_update_job.cc
@@ -10,6 +10,7 @@
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/thread_task_runner_handle.h"
+#include "chrome/common/origin_util.h"

[jww, 2015/04/23 18:24:02]

Given what's used below, you're not using this header, so it should be removed.

[lgarron, 2015/04/23 23:05:51]

Done.

 #include "content/browser/appcache/appcache_group.h"
 #include "content/browser/appcache/appcache_histograms.h"
 #include "content/public/browser/browser_thread.h"
@@ -169,7 +170,7 @@ void AppCacheUpdateJob::URLFetcher::OnResponseStarted(
     return;
   }
 
-  if (url_.SchemeIsSecure()) {
+  if (url_.SchemeIsCryptographic()) {

[jww, 2015/04/23 18:24:02]

Why this check? Why not OriginIsSecure()?

[lgarron, 2015/04/23 23:05:51]

There's a comment in the first patch. The code below makes sure that resources
with cert errors are not appcached. Presumably, that only makes sense if the
scheme is actually cryptographic.

     // Do not cache content with cert errors.
     // Also, we willfully violate the HTML5 spec at this point in order
     // to support the appcaching of cross-origin HTTPS resources.