Add a console messsage for HTTP-bad

chrome/browser/ui/browser.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/browser.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <string>
@@ skipping 344 matching lines @@
       initial_workspace_(params.initial_workspace),
       is_session_restore_(params.is_session_restore),
       content_setting_bubble_model_delegate_(
           new BrowserContentSettingBubbleModelDelegate(this)),
       toolbar_model_delegate_(new BrowserToolbarModelDelegate(this)),
       live_tab_context_(new BrowserLiveTabContext(this)),
       synced_window_delegate_(new BrowserSyncedWindowDelegate(this)),
       bookmark_bar_state_(BookmarkBar::HIDDEN),
       command_controller_(new chrome::BrowserCommandController(this)),
       window_has_shown_(false),
+      logged_http_warning_on_current_navigation_(false),
       chrome_updater_factory_(this),
       weak_factory_(this) {
   // If this causes a crash then a window is being opened using a profile type
   // that is disallowed by policy. The crash prevents the disabled window type
   // from opening at all, but the path that triggered it should be fixed.
   CHECK(IncognitoModePrefs::CanOpenBrowser(profile_));
   CHECK(!profile_->IsGuestSession() || profile_->IsOffTheRecord())
       << "Only off the record browser may be opened in guest mode";
   DCHECK(!profile_->IsSystemProfile())
       << "The system profile should never have a real browser.";
@@ skipping 1048 matching lines @@
   if (hosted_app_controller_)
     hosted_app_controller_->UpdateLocationBarVisibility(true);
 }
 
 void Browser::VisibleSSLStateChanged(const WebContents* source) {
   // When the current tab's SSL state changes, we need to update the URL
   // bar to reflect the new state.
   DCHECK(source);
   if (tab_strip_model_->GetActiveWebContents() == source)
     UpdateToolbar(false);
+
+  if (!logged_http_warning_on_current_navigation_) {

[msw, 2016/10/13 23:58:01]

I'm not sure if this is the right place for this logging; I'm definitely not the
best reviewer for this change; maybe try Scott for this one.

+    const ChromeSecurityStateModelClient* security_model =
+        ChromeSecurityStateModelClient::FromWebContents(source);
+    security_state::SecurityStateModel::SecurityInfo security_info;
+    security_model->GetSecurityInfo(&security_info);
+    if (security_info.security_level ==
+        security_state::SecurityStateModel::HTTP_SHOW_WARNING) {
+      tab_strip_model_->GetActiveWebContents()
+          ->GetMainFrame()
+          ->AddMessageToConsole(
+              content::CONSOLE_MESSAGE_LEVEL_WARNING,
+              "In Chrome M56 (Jan 2017), this page will be marked "
+              "as \"not secure\" in the URL bar. For more "
+              "information see https://goo.gl/zmWq3m");

[elawrence, 2016/10/14 15:12:27]

trivial: comma after "information"?

[estark, 2016/10/14 17:57:06]

Done.

+      logged_http_warning_on_current_navigation_ = true;
+    }
+  }
 }
 
 void Browser::AddNewContents(WebContents* source,
                              WebContents* new_contents,
                              WindowOpenDisposition disposition,
                              const gfx::Rect& initial_rect,
                              bool user_gesture,
                              bool* was_blocked) {
   chrome::AddWebContents(this, source, new_contents, disposition, initial_rect,
                          user_gesture, was_blocked);
@@ skipping 191 matching lines @@
   TabDialogs::FromWebContents(source)->ShowHungRendererDialog();
 }
 
 void Browser::RendererResponsive(WebContents* source) {
   TabDialogs::FromWebContents(source)->HideHungRendererDialog();
 }
 
 void Browser::DidNavigateMainFramePostCommit(WebContents* web_contents) {
   if (web_contents == tab_strip_model_->GetActiveWebContents())
     UpdateBookmarkBarState(BOOKMARK_BAR_STATE_CHANGE_TAB_STATE);
+  // Reset the flag that prevents logging an HTTP warning message more
+  // than once per main-frame navigation.
+  logged_http_warning_on_current_navigation_ = false;

[sky, 2016/10/14 16:44:03]

Browser is the delegate of multiple WebContents.
logged_http_warning_on_current_navigation_ is really specific to a WebContents.
So, having Browser track per WebContents state doesn't make sense and won't
really work.

ChromeSecurityStateModelClient is per WebContents, and seems to be the place
that is tracking related information. Would it make sense to have these two
functions call equivalent functions on ChromeSecurityStateModelClient, moving
logged_http_warning_on_current_navigation_ there? By doing that
logged_http_warning_on_current_navigation_  is scoped to a WebContents, which is
what you want.

[estark, 2016/10/14 17:57:06]

Ah, right, that makes sense. I forwarded VisibleSSLStateChanged to the
ChromeSSMClient. And I just made ChromeSSMClient a WebContentsObserver so that
it can observe navigations itself. (I already in fact already done that in an
earlier patchset.)

Please take another look.

 }
 
 content::JavaScriptDialogManager* Browser::GetJavaScriptDialogManager(
     WebContents* source) {
   return JavaScriptDialogTabHelper::FromWebContents(source);
 }
 
 content::ColorChooser* Browser::OpenColorChooser(
       WebContents* web_contents,
       SkColor initial_color,
@@ skipping 916 matching lines @@
   if (contents && !allow_js_access) {
     contents->web_contents()->GetController().LoadURL(
         target_url,
         content::Referrer(),
         ui::PAGE_TRANSITION_LINK,
         std::string());  // No extra headers.
   }
 
   return contents != NULL;
 }