Don't autofill credit cards on non-secure pages

android_webview/native/aw_autofill_client.cc

Index: android_webview/native/aw_autofill_client.cc
diff --git a/android_webview/native/aw_autofill_client.cc b/android_webview/native/aw_autofill_client.cc
index 613d22ba8804f7b711196be4fffb220515b86b78..b15f2f653ed087921cc409a2cf97f2cf89300a46 100644
--- a/android_webview/native/aw_autofill_client.cc
+++ b/android_webview/native/aw_autofill_client.cc
@@ -21,7 +21,9 @@
 #include "components/autofill/core/browser/webdata/autofill_webdata_service.h"
 #include "components/autofill/core/common/autofill_pref_names.h"
 #include "components/user_prefs/user_prefs.h"
+#include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/ssl_status.h"
 #include "jni/AwAutofillClient_jni.h"
 
 using base::android::AttachCurrentThread;
@@ -180,6 +182,22 @@ void AwAutofillClient::LinkClicked(const GURL& url,
   NOTIMPLEMENTED();
 }
 
+bool AwAutofillClient::IsContextSecure(const GURL& form_origin) {
+  content::SSLStatus ssl_status;
+  content::NavigationEntry* navigation_entry =
+      web_contents_->GetController().GetLastCommittedEntry();
+  if (!navigation_entry)
+     return false;
+
+  ssl_status = navigation_entry->GetSSL();
+  // Note: The implementation below is a copy of the one in
+  // ChromeAutofillClient::IsContextSecure, and should be kept in sync
+  // until crbug.com/505388 gets implemented.
+  return ssl_status.security_style ==
+      content::SECURITY_STYLE_AUTHENTICATED &&
+      ssl_status.content_status == content::SSLStatus::NORMAL_CONTENT;
+}
+
 void AwAutofillClient::SuggestionSelected(JNIEnv* env,
                                           jobject object,
                                           jint position) {