Don't persist HPKP if PrivacyMode is enabled.

net/socket_stream/socket_stream_job.cc

Index: net/socket_stream/socket_stream_job.cc
diff --git a/net/socket_stream/socket_stream_job.cc b/net/socket_stream/socket_stream_job.cc
index 9c13a8f3a6661ece0b456762a497124fe3e6867b..39862982e048b6ef478f2fdc836ad33d54c081ef 100644
--- a/net/socket_stream/socket_stream_job.cc
+++ b/net/socket_stream/socket_stream_job.cc
@@ -27,8 +27,11 @@ SocketStreamJob* SocketStreamJob::CreateSocketStreamJob(
     SSLConfigService* ssl) {
   GURL socket_url(url);
   TransportSecurityState::DomainState domain_state;
-  if (url.scheme() == "ws" && sts && sts->GetDomainState(
-          url.host(), SSLConfigService::IsSNIAvailable(ssl), &domain_state) &&
+  if (url.scheme() == "ws" && sts &&
+      sts->GetDomainState(url.host(),
+                          SSLConfigService::IsSNIAvailable(ssl),
+                          delegate->CanGetCookies(NULL, url),

[Ryan Sleevi, 2013/08/06 22:32:11]

See remark about url needing to be scheme-fixed.

(It's also a really sucky layering here that StreamSocketJob has to know about
WebSockets, which sit atop net/socket_stream)

[mef, 2013/08/09 17:04:05]

Sorry, could you elaborate a little? I'm sure you are right, I'm just not sure
what needs to be done. :-)

[Ryan Sleevi, 2013/09/13 22:14:48]

Well, rather than having StreamSocket::CreateSocketStreamJob handle ws -> wss
fixup, the higher layer could do it.

Likewise, rather than having SocketStream fixup ws->http(s), have the delegate
do so.

[mef, 2013/09/16 15:00:08]

Hmm, higher level from here is SocketStreamHost and I'm not sure why moving
ws->wss fix up there would make it less confusing. It doesn't seem to care about
url details at this moment.
AFAIU delegate can have multiple different implementations now and in the future
and I'm not sure that expecting it to handle ws(s) vs http(s) correctly is a
good idea. 

[Ryan Sleevi, 2013/09/17 18:53:03]

Well, the only implementation that would/should have to worry about ws(s) vs
http(s) would be ones that supported WebSockets - which would be the right
abstraction to keeping the websocket knowledge 'out' of this.

However, it's clear that this class is *only* used in context of WebSockets (yay
confusing/weird designs), so I'm OK with this - and looking forward to the point
where WebSockets are better integrated.

+                          &domain_state) &&
       domain_state.ShouldUpgradeToSSL()) {
     url_canon::Replacements<char> replacements;
     static const char kNewScheme[] = "wss";