Omnibox improvements and fixes.

chrome/browser/android/vr_shell/vr_web_contents_observer.cc

Index: chrome/browser/android/vr_shell/vr_web_contents_observer.cc
diff --git a/chrome/browser/android/vr_shell/vr_web_contents_observer.cc b/chrome/browser/android/vr_shell/vr_web_contents_observer.cc
index 4b337eb261a914e200a973509edb330a7095f619..dfe2453339238fd39e4c494c22454bafd49b1717 100644
--- a/chrome/browser/android/vr_shell/vr_web_contents_observer.cc
+++ b/chrome/browser/android/vr_shell/vr_web_contents_observer.cc
@@ -5,6 +5,8 @@
 #include "chrome/browser/android/vr_shell/vr_web_contents_observer.h"
 
 #include "chrome/browser/android/vr_shell/ui_interface.h"
+#include "chrome/browser/ssl/security_state_tab_helper.h"
+#include "components/security_state/core/security_state.h"
 #include "content/public/browser/navigation_handle.h"
 
 namespace vr_shell {
@@ -12,7 +14,10 @@ namespace vr_shell {
 VrWebContentsObserver::VrWebContentsObserver(content::WebContents* web_contents,
                                              UiInterface* ui_interface)
     : WebContentsObserver(web_contents),
-      ui_interface_(ui_interface) {}
+      ui_interface_(ui_interface) {
+  ui_interface_->SetURL(web_contents->GetVisibleURL());
+  SetSecurityLevel();
+}
 
 VrWebContentsObserver::~VrWebContentsObserver() {}
 
@@ -30,17 +35,42 @@ void VrWebContentsObserver::DidStopLoading() {
 
 void VrWebContentsObserver::DidStartNavigation(
     content::NavigationHandle* navigation_handle) {
-  ui_interface_->SetURL(navigation_handle->GetURL());
+  if (navigation_handle->IsInMainFrame()) {
+    ui_interface_->SetURL(navigation_handle->GetURL());
+    SetSecurityLevel();
+  }
 }
 
 void VrWebContentsObserver::DidRedirectNavigation(
     content::NavigationHandle* navigation_handle) {
-  ui_interface_->SetURL(navigation_handle->GetURL());
+  if (navigation_handle->IsInMainFrame()) {
+    ui_interface_->SetURL(navigation_handle->GetURL());
+    SetSecurityLevel();
+  }
 }
 
 void VrWebContentsObserver::DidFinishNavigation(
     content::NavigationHandle* navigation_handle) {
-  ui_interface_->SetURL(navigation_handle->GetURL());
+  if (navigation_handle->IsInMainFrame()) {
+    ui_interface_->SetURL(navigation_handle->GetURL());
+    SetSecurityLevel();
+  }
+}
+
+void VrWebContentsObserver::SetSecurityLevel() {
+  const auto* helper = SecurityStateTabHelper::FromWebContents(web_contents());

[cjgrant, 2016/11/29 16:33:52]

dcheng@ and clamy@:

This bit of code works for demo purposes, but I'm not comfortable with it, and
would like your advice.

In https://codereview.chromium.org/2361533003, you discuss how isSecureContext()
is currently generated by the renderer, but will (in the future) be made
available to the browser process (crbug.com/650203 tracks this).  I don't know
the difference between isSecureContext(), and the security level I'm querying
with my CL.  So far, I know that this method yields the same basic result for
https and non-https WebVR sites (ie. warnings are shown only on http sites).

Assuming that what I'm doing here is okay, my next question is, why isn't
security level exposes via a WebContentsObserver callback?  WebContentsObserver
exposes something called Security "Style" - I haven't yet figured out what that
is, but it's not the level.  :)

Finally, please note that the code here driving the omnibox is demo-grade. 
Eventually I expect we'll have a fully-functional omnibox that's similar to
Clank's version, but done solely in C++.  Details are a separate, huge
discussion.

+  CHECK(helper);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  const security_state::SecurityLevel level = security_info.security_level;
+
+  // TODO(cjgrant): Pass the level to the HTML UI instead.
+  if (level == security_state::SecurityLevel::EV_SECURE ||
+      level == security_state::SecurityLevel::SECURE) {
+    ui_interface_->SetSecureOrigin(true);
+  } else {
+    ui_interface_->SetSecureOrigin(false);
+  }
 }
 
 void VrWebContentsObserver::DidToggleFullscreenModeForTab(