Add a console messsage for HTTP-bad

chrome/browser/ui/browser.cc

Index: chrome/browser/ui/browser.cc
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index e6cc266c85a03406dd0705897fd5cea1f6154b3b..b864a256d3c776e0cb37ed2514989f43a92407e9 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -362,6 +362,7 @@ Browser::Browser(const CreateParams& params)
       bookmark_bar_state_(BookmarkBar::HIDDEN),
       command_controller_(new chrome::BrowserCommandController(this)),
       window_has_shown_(false),
+      logged_http_warning_on_current_navigation_(false),
       chrome_updater_factory_(this),
       weak_factory_(this) {
   // If this causes a crash then a window is being opened using a profile type
@@ -1430,6 +1431,24 @@ void Browser::VisibleSSLStateChanged(const WebContents* source) {
   DCHECK(source);
   if (tab_strip_model_->GetActiveWebContents() == source)
     UpdateToolbar(false);
+
+  if (!logged_http_warning_on_current_navigation_) {

[msw, 2016/10/13 23:58:01]

I'm not sure if this is the right place for this logging; I'm definitely not the
best reviewer for this change; maybe try Scott for this one.

+    const ChromeSecurityStateModelClient* security_model =
+        ChromeSecurityStateModelClient::FromWebContents(source);
+    security_state::SecurityStateModel::SecurityInfo security_info;
+    security_model->GetSecurityInfo(&security_info);
+    if (security_info.security_level ==
+        security_state::SecurityStateModel::HTTP_SHOW_WARNING) {
+      tab_strip_model_->GetActiveWebContents()
+          ->GetMainFrame()
+          ->AddMessageToConsole(
+              content::CONSOLE_MESSAGE_LEVEL_WARNING,
+              "In Chrome M56 (Jan 2017), this page will be marked "
+              "as \"not secure\" in the URL bar. For more "
+              "information see https://goo.gl/zmWq3m");

[elawrence, 2016/10/14 15:12:27]

trivial: comma after "information"?

[estark, 2016/10/14 17:57:06]

Done.

+      logged_http_warning_on_current_navigation_ = true;
+    }
+  }
 }
 
 void Browser::AddNewContents(WebContents* source,
@@ -1641,6 +1660,9 @@ void Browser::RendererResponsive(WebContents* source) {
 void Browser::DidNavigateMainFramePostCommit(WebContents* web_contents) {
   if (web_contents == tab_strip_model_->GetActiveWebContents())
     UpdateBookmarkBarState(BOOKMARK_BAR_STATE_CHANGE_TAB_STATE);
+  // Reset the flag that prevents logging an HTTP warning message more
+  // than once per main-frame navigation.
+  logged_http_warning_on_current_navigation_ = false;

[sky, 2016/10/14 16:44:03]

Browser is the delegate of multiple WebContents.
logged_http_warning_on_current_navigation_ is really specific to a WebContents.
So, having Browser track per WebContents state doesn't make sense and won't
really work.

ChromeSecurityStateModelClient is per WebContents, and seems to be the place
that is tracking related information. Would it make sense to have these two
functions call equivalent functions on ChromeSecurityStateModelClient, moving
logged_http_warning_on_current_navigation_ there? By doing that
logged_http_warning_on_current_navigation_  is scoped to a WebContents, which is
what you want.

[estark, 2016/10/14 17:57:06]

Ah, right, that makes sense. I forwarded VisibleSSLStateChanged to the
ChromeSSMClient. And I just made ChromeSSMClient a WebContentsObserver so that
it can observe navigations itself. (I already in fact already done that in an
earlier patchset.)

Please take another look.

 }
 
 content::JavaScriptDialogManager* Browser::GetJavaScriptDialogManager(