Send URLs on non-zero prefix suggest requests also.

chrome/browser/autocomplete/search_provider.h

Index: chrome/browser/autocomplete/search_provider.h
diff --git a/chrome/browser/autocomplete/search_provider.h b/chrome/browser/autocomplete/search_provider.h
index 30e601cebd44da85b30f91022f326a4ec04b063d..d39d084967ce4a05064021a6a88669d68255daa7 100644
--- a/chrome/browser/autocomplete/search_provider.h
+++ b/chrome/browser/autocomplete/search_provider.h
@@ -109,11 +109,17 @@ class SearchProvider : public AutocompleteProvider,
     return field_trial_triggered_in_session_;
   }
 
+  // This URL may be sent with suggest requests; see comments on CanSendURL().
+  void set_current_page_url(const GURL& current_page_url) {
+    current_page_url_ = current_page_url;
+  }
+
  private:
   // TODO(hfung): Remove ZeroSuggestProvider as a friend class after
   // refactoring common code to a new base class.
   friend class SearchProviderTest;
   friend class ZeroSuggestProvider;
+  FRIEND_TEST_ALL_PREFIXES(SearchProviderTest, CanSendURL);
   FRIEND_TEST_ALL_PREFIXES(SearchProviderTest, NavigationInline);
   FRIEND_TEST_ALL_PREFIXES(SearchProviderTest, NavigationInlineDomainClassify);
   FRIEND_TEST_ALL_PREFIXES(SearchProviderTest, NavigationInlineSchemeSubstring);
@@ -518,6 +524,35 @@ class SearchProvider : public AutocompleteProvider,
   // Updates the value of |done_| from the internal state.
   void UpdateDone();
 
+  // Returns whether we can send the URL of the current page in any suggest
+  // requests.  Doing this requires that all the following hold:
+  // * The user has suggest enabled in their settings and is not in incognito
+  //   mode.  Incognito disables suggest entirely.

[Peter Kasting, 2013/11/05 19:25:45]

Tiny nit: Either parenthesize this last sentence or keep them as separate
bullets.

[H Fung, 2013/11/05 19:33:27]

Done.

+  // * The current URL is HTTP, or HTTPS with the same domain as the suggest
+  //   server.  Non-HTTP[S] URLs (e.g. FTP/file URLs) may contain sensitive
+  //   information.  HTTPS URLs may also contain sensitive information, but if
+  //   they're on the same domain as the suggest server, then the relevant
+  //   entity could have already seen/logged this data.
+  // * The suggest request is sent over HTTPS.  This avoids leaking the current
+  //   page URL in world-readable network traffic.
+  // * The user's suggest provider is Google.  We might want to allow other
+  //   providers to see this data someday, but for now this has only been
+  //   implemented for Google.  Also see next bullet.
+  // * The user is OK in principle with sending URLs of current pages to their
+  //   provider.  Today, there is no explicit setting that controls this, but if
+  //   the user has tab sync enabled and tab sync is unencrypted, then they're
+  //   already sending this data to Google for sync purposes.  Thus we use this
+  //   setting as a proxy for "it's OK to send such data".  In the future,
+  //   especially if we want to support suggest providers other than Google, we
+  //   may change this to be a standalone setting or part of some explicit
+  //   general opt-in.
+  static bool CanSendURL(
+      const GURL& current_page_url,
+      const GURL& suggest_url,
+      const TemplateURL* template_url,
+      AutocompleteInput::PageClassification page_classification,
+      Profile* profile);
+
   // The amount of time to wait before sending a new suggest request after the
   // previous one.  Non-const because some unittests modify this value.
   static int kMinimumTimeBetweenSuggestQueriesMs;
@@ -587,6 +622,8 @@ class SearchProvider : public AutocompleteProvider,
   // they will not be inlined.
   bool prevent_search_history_inlining_;
 
+  GURL current_page_url_;
+
   DISALLOW_COPY_AND_ASSIGN(SearchProvider);
 };