Add deprecation message for AppCache in insecure contexts

third_party/WebKit/Source/core/loader/appcache/ApplicationCacheHost.cpp

Index: third_party/WebKit/Source/core/loader/appcache/ApplicationCacheHost.cpp
diff --git a/third_party/WebKit/Source/core/loader/appcache/ApplicationCacheHost.cpp b/third_party/WebKit/Source/core/loader/appcache/ApplicationCacheHost.cpp
index ad70de0bbead8f9141f15fc29372b275707c65d7..bf1597c4b59d328a15dc0994f3351f79453f3d77 100644
--- a/third_party/WebKit/Source/core/loader/appcache/ApplicationCacheHost.cpp
+++ b/third_party/WebKit/Source/core/loader/appcache/ApplicationCacheHost.cpp
@@ -33,8 +33,11 @@
 #include "bindings/core/v8/ExceptionStatePlaceholder.h"
 #include "core/events/ApplicationCacheErrorEvent.h"
 #include "core/events/ProgressEvent.h"
+#include "core/frame/Deprecation.h"
 #include "core/frame/LocalFrame.h"
+#include "core/frame/OriginsUsingFeatures.h"
 #include "core/frame/Settings.h"
+#include "core/frame/UseCounter.h"
 #include "core/inspector/InspectorApplicationCacheAgent.h"
 #include "core/inspector/InspectorInstrumentation.h"
 #include "core/loader/DocumentLoader.h"
@@ -115,14 +118,27 @@ void ApplicationCacheHost::selectCacheWithoutManifest()
 
 void ApplicationCacheHost::selectCacheWithManifest(const KURL& manifestURL)

[michaeln, 2016/02/23 22:26:34]

fyi: This will miss counting/warning for documents that are loaded from an
appcache but don't have an explicit <html manifest=xxx>  attribute.

[jww, 2016/02/23 23:51:42]

Great point. I'm not sure what the correct thing to do is. I'm tempted to leave
it as-is. When we do the actual removal, we'll probably want to explicitly clear
the AppCache on insecure origins, but I feel like the warning only really makes
sense in the context of actual API use.

 {
+    DCHECK(m_documentLoader);
+
+    LocalFrame* frame = m_documentLoader->frame();
+    Document* document = frame->document();
+    // This is required by isSecureContext() but isn't actually used.
+    String insecureOriginMessage;
+    if (document->isSecureContext(insecureOriginMessage)) {

[Yoav Weiss, 2016/02/23 22:09:54]

Can't we use this variant of isSecureContext
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...
and avoid the useless String?

[jww, 2016/02/23 23:51:42]

I didn't know about that variant; done.

+        UseCounter::count(document, UseCounter::ApplicationCacheManifestSelectSecureOrigin);
+        UseCounter::countCrossOriginIframe(*document, UseCounter::ApplicationCacheManifestSelectSecureOrigin);
+    } else {
+        Deprecation::countDeprecation(document, UseCounter::ApplicationCacheManifestSelectInsecureOrigin);
+        UseCounter::countCrossOriginIframe(*document, UseCounter::ApplicationCacheManifestSelectInsecureOrigin);
+        OriginsUsingFeatures::countAnyWorld(*document, OriginsUsingFeatures::Feature::ApplicationCacheManifestSelectInsecureOrigin);
+    }
     if (m_host && !m_host->selectCacheWithManifest(manifestURL)) {
         // It's a foreign entry, restart the current navigation from the top
         // of the navigation algorithm. The navigation will not result in the
         // same resource being loaded, because "foreign" entries are never picked
         // during navigation.
         // see ApplicationCacheGroup::selectCache()
-        LocalFrame* frame = m_documentLoader->frame();
-        frame->navigate(*frame->document(), frame->document()->url(), true, UserGestureStatus::None);
+        frame->navigate(*document, document->url(), true, UserGestureStatus::None);
     }
 }