Add a console messsage for HTTP-bad

chrome/browser/ssl/chrome_security_state_model_client.cc

Index: chrome/browser/ssl/chrome_security_state_model_client.cc
diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc
index 51cd505bc34bbffe981a309fd96a2da7606d819a..d4e2c6c2b06f8ab7cbd273cf3418bf0e8a51d9bc 100644
--- a/chrome/browser/ssl/chrome_security_state_model_client.cc
+++ b/chrome/browser/ssl/chrome_security_state_model_client.cc
@@ -22,6 +22,7 @@
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "chrome/grit/generated_resources.h"
 #include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/security_style_explanation.h"
 #include "content/public/browser/security_style_explanations.h"
 #include "content/public/browser/ssl_status.h"
@@ -160,13 +161,34 @@ void CheckSafeBrowsingStatus(content::NavigationEntry* entry,
   }
 }
 
+// Logs a message to the console if the security level has been
+// downgraded to HTTP_SHOW_WARNING. Returns true if the console message
+// was logged, false otherwise.
+bool MaybeLogHttpWarning(
+    content::WebContents* web_contents,
+    const security_state::SecurityStateModel::SecurityInfo* const
+        security_info) {
+  if (security_info->security_level ==
+      security_state::SecurityStateModel::HTTP_SHOW_WARNING) {
+    web_contents->GetMainFrame()->AddMessageToConsole(
+        content::CONSOLE_MESSAGE_LEVEL_WARNING,
+        base::StringPrintf("In Chrome M56 (Jan 2017), this page will be marked "

[elawrence, 2016/10/12 02:09:45]

I'll betray my lack of understanding of Chrome's use of strings by asking why we
need a printf here when it feels like a normal string constant should work?

Do we have an official document that defines the public name for UI pieces? E.g.
"URL bar" vs. "Omnibox" vs. "Security Chip" etc?

[estark, 2016/10/12 02:43:19]

Err... that would be because I mindlessly based this on a different console
message which also uses base::StringPrintf for apparently no reason. Fixed.
Not sure. I'll cc emilyschechter, got the string from her.

+                           "as \"not secure\" in the URL bar. For more "
+                           "information see https://goo.gl/zmWq3m"));
+    return true;
+  }
+  return false;
+}
+
 }  // namespace
 
 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(
     content::WebContents* web_contents)
     : web_contents_(web_contents),
-      security_state_model_(new SecurityStateModel()) {
+      security_state_model_(new SecurityStateModel()),
+      logged_http_warning_on_current_navigation_(false) {
   security_state_model_->SetClient(this);
+  WebContentsObserver::Observe(web_contents_);
 }
 
 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {}
@@ -297,6 +319,10 @@ blink::WebSecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
 void ChromeSecurityStateModelClient::GetSecurityInfo(
     SecurityStateModel::SecurityInfo* result) const {
   security_state_model_->GetSecurityInfo(result);
+  if (!logged_http_warning_on_current_navigation_) {
+    logged_http_warning_on_current_navigation_ =
+        MaybeLogHttpWarning(web_contents_, result);
+  }
 }
 
 bool ChromeSecurityStateModelClient::UsedPolicyInstalledCertificate() {
@@ -314,6 +340,11 @@ bool ChromeSecurityStateModelClient::IsOriginSecure(const GURL& url) {
   return content::IsOriginSecure(url);
 }
 
+void ChromeSecurityStateModelClient::DidFinishNavigation(
+    content::NavigationHandle* navigation_handle) {
+  logged_http_warning_on_current_navigation_ = false;
+}
+
 void ChromeSecurityStateModelClient::GetVisibleSecurityState(
     SecurityStateModel::VisibleSecurityState* state) {
   content::NavigationEntry* entry =