[Autofill] Do not offer autofill suggestions on insecure forms

components/autofill/core/browser/autofill_manager_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/core/browser/autofill_manager.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 872 matching lines @@
   void CreateTestCreditCardFormData(FormData* form,
                                     bool is_https,
                                     bool use_month_type) {
     form->name = ASCIIToUTF16("MyForm");
     if (is_https) {
       form->origin = GURL("https://myform.com/form.html");
       form->action = GURL("https://myform.com/submit.html");
     } else {
       form->origin = GURL("http://myform.com/form.html");
       form->action = GURL("http://myform.com/submit.html");
-      autofill_client_.set_is_context_secure(false);
     }
 
     FormFieldData field;
     test::CreateTestFormField("Name on Card", "nameoncard", "", "text", &field);
     form->fields.push_back(field);
     test::CreateTestFormField("Card Number", "cardnumber", "", "text", &field);
     form->fields.push_back(field);
     if (use_month_type) {
       test::CreateTestFormField(
           "Expiration Date", "ccmonth", "", "month", &field);
@@ skipping 643 matching lines @@
   // Test that we sent the right values to the external delegate.
   external_delegate_->CheckSuggestions(
       kDefaultPageID,
       Suggestion("Elvis Presley", kVisaSuggestion, kVisaCard,
                  autofill_manager_->GetPackedCreditCardID(4)),
       Suggestion("Buddy Holly", kMcSuggestion, kMasterCard,
                  autofill_manager_->GetPackedCreditCardID(5)));
 }
 
 // Test that we return a warning explaining that credit card profile suggestions
-// are unavailable when the form is not secure.
+// are unavailable when the page and the form target URL are not secure.
 TEST_F(AutofillManagerTest, GetCreditCardSuggestions_NonHTTPS) {
   // Set up our form data.
   FormData form;
   CreateTestCreditCardFormData(&form, false, false);
   std::vector<FormData> forms(1, form);
   FormsSeen(forms);
 
   const FormFieldData& field = form.fields[0];
   GetAutofillSuggestions(form, field);
 
   // Test that we sent the right values to the external delegate.
   external_delegate_->CheckSuggestions(
       kDefaultPageID,
       Suggestion(
           l10n_util::GetStringUTF8(IDS_AUTOFILL_WARNING_INSECURE_CONNECTION),
           "", "", -1));
 
   // Clear the test credit cards and try again -- we shouldn't return a warning.
   personal_data_.ClearCreditCards();
   GetAutofillSuggestions(form, field);
   // Autocomplete suggestions are queried, but not Autofill.
   EXPECT_FALSE(external_delegate_->on_suggestions_returned_seen());
 }
 
+// Test that we return a warning explaining that credit card profile suggestions
+// are unavailable when the page is secure, but the form target URL is not
+// secure.
+TEST_F(AutofillManagerTest, GetCreditCardSuggestions_TargetURLNonHTTPS) {
+  // Set up our form data.
+  FormData form;
+  CreateTestCreditCardFormData(&form, /* is_https= */ true, false);
+  // However we set the action (target URL) to be HTTP after all.
+  form.action = GURL("http://myform.com/submit.html");
+  std::vector<FormData> forms(1, form);
+  FormsSeen(forms);
+
+  const FormFieldData& field = form.fields[0];
+  GetAutofillSuggestions(form, field);
+
+  // Test that we sent the right values to the external delegate.
+  external_delegate_->CheckSuggestions(
+      kDefaultPageID, Suggestion(l10n_util::GetStringUTF8(
+                                     IDS_AUTOFILL_WARNING_INSECURE_CONNECTION),
+                                 "", "", -1));
+
+  // Clear the test credit cards and try again -- we shouldn't return a warning.
+  personal_data_.ClearCreditCards();
+  GetAutofillSuggestions(form, field);
+  // Autocomplete suggestions are queried, but not Autofill.
+  EXPECT_FALSE(external_delegate_->on_suggestions_returned_seen());
+}
+
 // Test that we return all credit card suggestions in the case that two cards
 // have the same obfuscated number.
 TEST_F(AutofillManagerTest, GetCreditCardSuggestions_RepeatedObfuscatedNumber) {
   // Add a credit card with the same obfuscated number as Elvis's.
   // |credit_card| will be owned by the mock PersonalDataManager.
   CreditCard* credit_card = new CreditCard;
   test::SetCreditCardInfo(credit_card, "Elvis Presley",
                           "5231567890123456",  // Mastercard
                           "05", "2999");
   credit_card->set_guid("00000000-0000-0000-0000-000000000007");
@@ skipping 3622 matching lines @@
   FormsSeen(mixed_forms);
 
   // Suggestions should always be displayed.
   for (const FormFieldData& field : mixed_form.fields) {
     GetAutofillSuggestions(mixed_form, field);
     EXPECT_TRUE(external_delegate_->on_suggestions_returned_seen());
   }
 }
 
 }  // namespace autofill