Removed static factories for data, ftp, file, and about jobs.

net/url_request/url_request_http_job.cc

Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index fe5f3257695ac3a545e5e3646f1df4ec15282a4f..9fec178a9a7809a0b4d32c06dac0186a7cb6744f 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -43,6 +43,7 @@
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_error_job.h"
+#include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_redirect_job.h"
 #include "net/url_request/url_request_throttler_header_adapter.h"
 #include "net/url_request/url_request_throttler_manager.h"
@@ -1017,8 +1018,10 @@ bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) {
   // restrict redirects to externally handled protocols.  Our consumer would
   // need to take care of those.
 
-  if (!URLRequest::IsHandledURL(location))
+  if (!URLRequest::IsHandledURL(location) &&
+      !request_->context()->job_factory()->IsHandledURL(location)) {

[mmenke, 2013/01/22 16:50:37]

I believe this may change behavior.  In particular, I believe we allow redirects
to chrome-app:// URLs (Or something like that.  Can't remember the exact
scheme).  If we have ProtocolHandlers for them, we'll now return false here.

[pauljensen, 2013/01/23 21:43:33]

What makes a redirect "unsafe"?  The only description I see is at the definition
of ERR_UNSAFE_REDIRECT where we mention file:// being unsafe.

The comment 2 lines above this says we should allow redirects to "externally
handled protocols".  Does this mean things registered with
navigator.registerProtocolHandler()?  In which case I think my change would also
change/break this behavior.

The chrome-app:// CL never landed: http://crrev.com/11519027
chrome-app:// was added to
ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl()'s list of
explicitly safe schemes, so maybe it should be added here to kSafeSchemes as
part of http://crrev.com/11519027

[mmenke, 2013/01/23 22:09:17]

I believe it encompasses everything we don't want websites to be able to
redirect to that's also handled by the network stack.  Other protocols are
supposed to be handled elsewhere.

One option would be to add an IsSafeRedirect function to ProtocolHandlers, and
call the function of the protocol handler, if there is one.  If there isn't,
return true.

Default for a ProtocolHandler would be to return true (Again, with the
assumption that things outside of net are handled by logic elsewhere).  Long
term, think it would be better for them return false by default.

Not sure that this is ideal behavior, just a way to maintain current behavior,
which seems to be kind of a mess.  I suspect it's primarily intended for non-RDH
requests and external consumers of our network stack, but I'm honestly not sure.


Adding chrome-app as a safe scheme here would be a laying violation.

[pauljensen, 2013/01/28 19:51:49]

Why wouldn't we want websites to redirect to something?

     return true;
+  }
 
   static const char* kSafeSchemes[] = {
     "http",