Add a console messsage for HTTP-bad

chrome/browser/ssl/chrome_security_state_model_client.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include <openssl/ssl.h>
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string16.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "chrome/grit/generated_resources.h"
 #include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/security_style_explanation.h"
 #include "content/public/browser/security_style_explanations.h"
 #include "content/public/browser/ssl_status.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "ui/base/l10n/l10n_util.h"
@@ skipping 124 matching lines @@
   if (sb_ui_manager->IsUrlWhitelistedOrPendingForWebContents(
           entry->GetURL(), false, entry, web_contents, false)) {
     state->fails_malware_check = true;
   }
 }
 
 }  // namespace
 
 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(
     content::WebContents* web_contents)
-    : web_contents_(web_contents),
-      security_state_model_(new SecurityStateModel()) {
+    : content::WebContentsObserver(web_contents),
+      web_contents_(web_contents),
+      security_state_model_(new SecurityStateModel()),
+      logged_http_warning_on_current_navigation_(false) {
   security_state_model_->SetClient(this);
 }
 
 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {}
 
 // static
 blink::WebSecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
     const security_state::SecurityStateModel::SecurityInfo& security_info,
     content::SecurityStyleExplanations* security_style_explanations) {
   const blink::WebSecurityStyle security_style =
@@ skipping 113 matching lines @@
   }
 
   return security_style;
 }
 
 void ChromeSecurityStateModelClient::GetSecurityInfo(
     SecurityStateModel::SecurityInfo* result) const {
   security_state_model_->GetSecurityInfo(result);
 }
 
+void ChromeSecurityStateModelClient::VisibleSSLStateChanged() {
+  if (logged_http_warning_on_current_navigation_)
+    return;
+
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  GetSecurityInfo(&security_info);
+  if (security_info.security_level ==
+      security_state::SecurityStateModel::HTTP_SHOW_WARNING) {
+    web_contents_->GetMainFrame()->AddMessageToConsole(
+        content::CONSOLE_MESSAGE_LEVEL_WARNING,
+        "In Chrome M56 (Jan 2017), this page will be marked "
+        "as \"not secure\" in the URL bar. For more "
+        "information, see https://goo.gl/zmWq3m");
+    logged_http_warning_on_current_navigation_ = true;
+  }
+}
+
+void ChromeSecurityStateModelClient::DidFinishNavigation(
+    content::NavigationHandle* navigation_handle) {
+  if (navigation_handle->IsInMainFrame() &&
+      !navigation_handle->IsSynchronousNavigation()) {
+    // Only reset the console message flag for main-frame navigations,
+    // and not for synchronous navigations like reference fragments and
+    // pushState.
+    logged_http_warning_on_current_navigation_ = false;
+  }
+}
+
 bool ChromeSecurityStateModelClient::UsedPolicyInstalledCertificate() {
 #if defined(OS_CHROMEOS)
   policy::PolicyCertService* service =
       policy::PolicyCertServiceFactory::GetForProfile(
           Profile::FromBrowserContext(web_contents_->GetBrowserContext()));
   if (service && service->UsedPolicyCertificates())
     return true;
 #endif
   return false;
 }
@@ skipping 43 matching lines @@
       !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS);
   state->displayed_password_field_on_http =
       !!(ssl.content_status &
          content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
   state->displayed_credit_card_field_on_http =
       !!(ssl.content_status &
          content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP);
 
   CheckSafeBrowsingStatus(entry, web_contents_, state);
 }