Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005, WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

[Step 1]: https://codereview.chromium.org/2046523005
[Step 2]: This patch.
[Step 3]: https://codereview.chromium.org/2046733003

BUG=617947
R=yoav@yoav.ws

Committed: https://crrev.com/12f4d38a6a405aa5c07b235048cab2d478b0b92c
Cr-Commit-Position: refs/heads/master@{#398879}

[Mike West, 2016-06-07 10:32:04]

mkwst@chromium.org changed reviewers:
+ yoav@yoav.ws

[Mike West, 2016-06-07 10:32:05]

This is patch #2 of (probably) #3. WDYT? :)

[Yoav Weiss, 2016-06-07 11:18:54]

https://codereview.chromium.org/2040133003/diff/1/third_party/WebKit/Source/w...
File third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp (right):

https://codereview.chromium.org/2040133003/diff/1/third_party/WebKit/Source/w...
third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp:665:
WebInsecureRequestPolicy newPolicy = shouldEnforce ? oldPolicy &
~kBlockAllMixedContent : oldPolicy | kBlockAllMixedContent;
Isn't that condition the inverse of what it should be?

Or maybe I'm reading it wrong...

[Mike West, 2016-06-07 12:14:14]

On 2016/06/07 at 11:18:54, yoav wrote:
>
https://codereview.chromium.org/2040133003/diff/1/third_party/WebKit/Source/w...
> File third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp (right):
> 
>
https://codereview.chromium.org/2040133003/diff/1/third_party/WebKit/Source/w...
> third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp:665:
WebInsecureRequestPolicy newPolicy = shouldEnforce ? oldPolicy &
~kBlockAllMixedContent : oldPolicy | kBlockAllMixedContent;
> Isn't that condition the inverse of what it should be?
> 
> Or maybe I'm reading it wrong...

*sigh* No. You're not. I'm an idiot. :)

The next patchset fixes that issue, as well as an issue with
`Document::enforceInsecureRequestPolicy` that broke some site isolation tests.

[Yoav Weiss, 2016-06-07 12:51:21]

On 2016/06/07 12:14:14, Mike West (OOO until 30th) wrote:
> On 2016/06/07 at 11:18:54, yoav wrote:
> >
>
https://codereview.chromium.org/2040133003/diff/1/third_party/WebKit/Source/w...
> > File third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp (right):
> > 
> >
>
https://codereview.chromium.org/2040133003/diff/1/third_party/WebKit/Source/w...
> > third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp:665:
> WebInsecureRequestPolicy newPolicy = shouldEnforce ? oldPolicy &
> ~kBlockAllMixedContent : oldPolicy | kBlockAllMixedContent;
> > Isn't that condition the inverse of what it should be?
> > 
> > Or maybe I'm reading it wrong...
> 
> *sigh* No. You're not. I'm an idiot. :)
> 
> The next patchset fixes that issue, as well as an issue with
> `Document::enforceInsecureRequestPolicy` that broke some site isolation tests.

cool. LGTM

[Mike West, 2016-06-07 13:46:09]

Description was changed from

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

BUG=617584
==========

to

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

BUG=617947
R=yoav@yoav.ws
==========

[Mike West, 2016-06-07 13:53:15]

Description was changed from

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

BUG=617947
R=yoav@yoav.ws
==========

to

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

[Step 1]: https://codereview.chromium.org/2046523005
[Step 2]: This patch.
[Step 3]: https://codereview.chromium.org/2046523005

BUG=617947
R=yoav@yoav.ws
==========

[Mike West, 2016-06-08 07:20:08]

The CQ bit was checked by mkwst@chromium.org

[commit-bot: I haz the power, 2016-06-08 07:20:15]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2040133003/20001

[Mike West, 2016-06-08 07:20:39]

Description was changed from

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

[Step 1]: https://codereview.chromium.org/2046523005
[Step 2]: This patch.
[Step 3]: https://codereview.chromium.org/2046523005

BUG=617947
R=yoav@yoav.ws
==========

to

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

[Step 1]: https://codereview.chromium.org/2046523005
[Step 2]: This patch.
[Step 3]: https://codereview.chromium.org/2046733003

BUG=617947
R=yoav@yoav.ws
==========

[commit-bot: I haz the power, 2016-06-08 08:21:33]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-08 08:21:35]

Try jobs failed on following builders:
  win_chromium_compile_dbg_ng on tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_comp...)

[Mike West, 2016-06-08 09:53:46]

The CQ bit was checked by mkwst@chromium.org

[Mike West, 2016-06-08 09:53:47]

The patchset sent to the CQ was uploaded after l-g-t-m from yoav@yoav.ws
Link to the patchset: https://codereview.chromium.org/2040133003/#ps40001
(title: "cast")

[commit-bot: I haz the power, 2016-06-08 09:53:55]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2040133003/40001

[commit-bot: I haz the power, 2016-06-08 10:15:23]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-08 10:15:25]

Try jobs failed on following builders:
  android_arm64_dbg_recipe on tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm6...)

[Mike West, 2016-06-08 12:18:18]

The CQ bit was checked by mkwst@chromium.org

[Mike West, 2016-06-08 12:18:18]

The patchset sent to the CQ was uploaded after l-g-t-m from yoav@yoav.ws
Link to the patchset: https://codereview.chromium.org/2040133003/#ps60001
(title: "Ugh.")

[commit-bot: I haz the power, 2016-06-08 12:18:33]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2040133003/60001

[commit-bot: I haz the power, 2016-06-08 17:32:07]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-08 17:32:09]

Try jobs failed on following builders:
  win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[Mike West, 2016-06-08 18:09:35]

The CQ bit was checked by mkwst@chromium.org

[commit-bot: I haz the power, 2016-06-08 18:10:17]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2040133003/60001

[commit-bot: I haz the power, 2016-06-08 22:10:30]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-08 22:10:32]

Try jobs failed on following builders:
  win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[Mike West, 2016-06-09 05:32:09]

The CQ bit was checked by mkwst@chromium.org

[commit-bot: I haz the power, 2016-06-09 05:32:23]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2040133003/60001

[commit-bot: I haz the power, 2016-06-09 09:39:32]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-09 09:39:34]

Try jobs failed on following builders:
  win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[Mike West, 2016-06-09 12:02:40]

The CQ bit was checked by mkwst@chromium.org

[commit-bot: I haz the power, 2016-06-09 12:02:55]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2040133003/60001

[commit-bot: I haz the power, 2016-06-09 14:58:55]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2016-06-09 14:59:09]

CQ bit was unchecked

[commit-bot: I haz the power, 2016-06-09 15:00:05]

Description was changed from

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

[Step 1]: https://codereview.chromium.org/2046523005
[Step 2]: This patch.
[Step 3]: https://codereview.chromium.org/2046733003

BUG=617947
R=yoav@yoav.ws
==========

to

==========
Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

Introduced in https://codereview.chromium.org/2046523005,
WebInsecureRequestPolicy
aims to represent the complete policy set by a context for insecure
requests. This patch expands its usage from //core/frame/csp to encompass
all of blink, replacing 'SecurityContext::InsecureRequestsPolicy' and
the strict mixed content checking boolean in various bits of our loading
infrastructure.

The next step will be to replicate this bitfield to remote frames instead
of replicating the strict mixed content checking boolean.

[Step 1]: https://codereview.chromium.org/2046523005
[Step 2]: This patch.
[Step 3]: https://codereview.chromium.org/2046733003

BUG=617947
R=yoav@yoav.ws

Committed: https://crrev.com/12f4d38a6a405aa5c07b235048cab2d478b0b92c
Cr-Commit-Position: refs/heads/master@{#398879}
==========

[commit-bot: I haz the power, 2016-06-09 15:00:07]

Patchset 4 (id:??) landed as
https://crrev.com/12f4d38a6a405aa5c07b235048cab2d478b0b92c
Cr-Commit-Position: refs/heads/master@{#398879}