Add a console messsage for HTTP-bad

chrome/browser/ui/browser.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/browser.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <string>
@@ skipping 1406 matching lines @@
   // actions in the face of slow-to-commit pages.
   if (changed_flags & (content::INVALIDATE_TYPE_URL |
                        content::INVALIDATE_TYPE_LOAD |
                        content::INVALIDATE_TYPE_TAB))
     command_controller_->TabStateChanged();
 
   if (hosted_app_controller_)
     hosted_app_controller_->UpdateLocationBarVisibility(true);
 }
 
-void Browser::VisibleSSLStateChanged(const WebContents* source) {
+void Browser::VisibleSSLStateChanged(WebContents* source) {
   // When the current tab's SSL state changes, we need to update the URL
   // bar to reflect the new state.
   DCHECK(source);
   if (tab_strip_model_->GetActiveWebContents() == source)
     UpdateToolbar(false);
+
+  ChromeSecurityStateModelClient* security_model =
+      ChromeSecurityStateModelClient::FromWebContents(source);

[felt, 2016/10/17 16:59:33]

To make sure I understand:

(1) Something triggers DidChangeVisibleSSLState (like a load is committed, or
mixed content detected) which leads to this

(2) UpdateToolbar will, down the line, cause CSSMC to be updated

(3) This will then tell the CSSMC to maybe display the console message

This presumably assumes, then, that #2 has happened before #3 -- that
UpdateToolbar does cause the SSM to update. Or else it won't know that it needs
to display the console message. Yeah? Which is sort of weird.

[estark, 2016/10/17 17:14:20]

CSSMC::VisibleSSLStateChanged() computes the SecurityLevel fresh from the
current SSLStatus to check whether it needs to display the console message. So
it doesn't rely on #2 having happened first.

(It is a tad wasteful, but it should only happen once on navigation and when
there's a change like mixed content, which is relatively rarely compared to how
often the omnibox redrawing causes the security level to be recomputed.)

[felt, 2016/10/17 17:18:36]

Oh I see, I missed that there was a call to GetSecurityInfo at the top. So this
just adds one more time it's recomputed. ;) Cool.

+  security_model->VisibleSSLStateChanged();
 }
 
 void Browser::AddNewContents(WebContents* source,
                              WebContents* new_contents,
                              WindowOpenDisposition disposition,
                              const gfx::Rect& initial_rect,
                              bool user_gesture,
                              bool* was_blocked) {
   chrome::AddWebContents(this, source, new_contents, disposition, initial_rect,
                          user_gesture, was_blocked);
@@ skipping 1127 matching lines @@
   if (contents && !allow_js_access) {
     contents->web_contents()->GetController().LoadURL(
         target_url,
         content::Referrer(),
         ui::PAGE_TRANSITION_LINK,
         std::string());  // No extra headers.
   }
 
   return contents != NULL;
 }