Set insecure content status also when there are other security issues.

content/browser/ssl/ssl_policy.cc

Index: content/browser/ssl/ssl_policy.cc
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 1127f8da7398ec0dba5687a9e144f9b997e194f7..731645505b424d219ea6a54eec4203b56228d37c 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -110,6 +110,9 @@ void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
   if (!entry->GetURL().SchemeIsSecure())
     return;
 
+  if (!web_contents->DisplayedInsecureContent())
+    entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT;
+
   // An HTTPS response may not have a certificate for some reason.  When that
   // happens, use the unauthenticated (HTTP) rather than the authentication
   // broken security style so that we can detect this error condition.
@@ -118,6 +121,9 @@ void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
     return;
   }
 
+  if (web_contents->DisplayedInsecureContent())
+    entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;

[Ryan Sleevi, 2014/03/11 01:46:55]

I'm not sure I understand why you set this here, rather than 115. What's the
reasoning?

Because UNAUTHENTICATED shouldn't be combined with insecure content?

+
   if (net::IsCertStatusError(entry->GetSSL().cert_status)) {
     // Minor errors don't lower the security style to
     // SECURITY_STYLE_AUTHENTICATION_BROKEN.
@@ -140,11 +146,6 @@ void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
     entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT;
     return;
   }
-
-  if (web_contents->DisplayedInsecureContent())
-    entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;
-  else
-    entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT;
 }
 
 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,