Don't autofill credit cards on non-secure pages

android_webview/native/aw_autofill_client.cc

Index: android_webview/native/aw_autofill_client.cc
diff --git a/android_webview/native/aw_autofill_client.cc b/android_webview/native/aw_autofill_client.cc
index 613d22ba8804f7b711196be4fffb220515b86b78..1735344a7073e99fff3c7454cb03590895b1e842 100644
--- a/android_webview/native/aw_autofill_client.cc
+++ b/android_webview/native/aw_autofill_client.cc
@@ -180,6 +180,12 @@ void AwAutofillClient::LinkClicked(const GURL& url,
   NOTIMPLEMENTED();
 }
 
+bool AwAutofillClient::IsContextSecure(const GURL& form_origin) {
+  // TODO (sigbjorn): Return if the context is secure, not just

[boliu, 2015/06/30 16:20:06]

Android webview can use the same implementation as chrome I think?

If ios can do the same thing, then a better api would be to have the client
return SSLStatus. Then most of the implementation can be shared in the autofill
component.

[sigbjorn, 2015/07/01 07:28:14]

Good point. Perhaps bondd can answer this question? Can iOS in
AutofillClientIOS::IsContextSecure access the SSLStatus of the form's page? (If
so, could you assist with code to do so?)

+  // the form_origin. See crbug.com/505390
+  return form_origin.SchemeIsCryptographic();
+}
+
 void AwAutofillClient::SuggestionSelected(JNIEnv* env,
                                           jobject object,
                                           jint position) {