Don't autofill credit cards on non-secure pages

chrome/browser/ui/autofill/chrome_autofill_client.cc

Index: chrome/browser/ui/autofill/chrome_autofill_client.cc
diff --git a/chrome/browser/ui/autofill/chrome_autofill_client.cc b/chrome/browser/ui/autofill/chrome_autofill_client.cc
index ea7ff06fa8e265aee04091223e91ee6a3d63d7fb..2a1385171d7b6621fe64676980664eae1aa3ac6b 100644
--- a/chrome/browser/ui/autofill/chrome_autofill_client.cc
+++ b/chrome/browser/ui/autofill/chrome_autofill_client.cc
@@ -34,6 +34,7 @@
 #include "components/autofill/core/common/autofill_pref_names.h"
 #include "components/password_manager/content/browser/content_password_manager_driver.h"
 #include "components/user_prefs/user_prefs.h"
+#include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/render_frame_host.h"
 #include "ui/gfx/geometry/rect.h"
 
@@ -307,4 +308,18 @@ void ChromeAutofillClient::LinkClicked(const GURL& url,
       url, content::Referrer(), disposition, ui::PAGE_TRANSITION_LINK, false));
 }
 
+bool ChromeAutofillClient::IsContextSecure(const GURL& form_origin) {
+  content::SSLStatus ssl_status;
+  content::NavigationEntry* navigation_entry =
+      web_contents()->GetController().GetLastCommittedEntry();
+  DCHECK(navigation_entry);
+  if (!navigation_entry)

[bondd, 2015/07/01 22:16:50]

AFAIK checking for DCHECK() failure like this is against the style guide.
See near the bottom of this page:
https://www.chromium.org/developers/coding-style
Search for "you should not handle DCHECK() failures"

[jww, 2015/07/01 22:25:45]

More specifically, this should not be a DCHECK() as the GetLastCommittedEntry()
contract states that it may return NULL, and DCHECK should not be used to handle
exceptional cases.

+     return false;
+
+  ssl_status = navigation_entry->GetSSL();
+  return ssl_status.security_style ==
+      content::SECURITY_STYLE_AUTHENTICATED &&
+      ssl_status.content_status == content::SSLStatus::NORMAL_CONTENT;
+}
+
 }  // namespace autofill