Add security feature to ProvisionalSavePassword

components/password_manager/core/browser/password_manager.cc

Index: components/password_manager/core/browser/password_manager.cc
diff --git a/components/password_manager/core/browser/password_manager.cc b/components/password_manager/core/browser/password_manager.cc
index dc06e20c4e8d73bb9c0a8fd03124d6a5b86714f6..81a6a8c6c65c951700e075e9e4ed3c6b850cbcbd 100644
--- a/components/password_manager/core/browser/password_manager.cc
+++ b/components/password_manager/core/browser/password_manager.cc
@@ -271,6 +271,13 @@ void PasswordManager::ProvisionallySavePassword(const PasswordForm& form) {
     return;
   }
 
+  if (ShouldBlockPasswordForSameOriginButDifferentScheme(form)) {
+    if (logger)
+      logger->LogMessage(
+          Logger::STRING_BLOCK_PASSWORD_SAME_ORIGIN_INSECURE_SCHEME);
+    return;
+  }
+
   auto matched_manager_it = pending_login_managers_.end();
   PasswordFormManager::MatchResultMask current_match_result =
       PasswordFormManager::RESULT_NO_MATCH;
@@ -560,6 +567,15 @@ bool PasswordManager::CanProvisionalManagerSave() {
   return true;
 }
 
+bool PasswordManager::ShouldBlockPasswordForSameOriginButDifferentScheme(
+    const PasswordForm& form) const {
+  const GURL& old_origin = main_frame_url_.GetOrigin();
+  const GURL& new_origin = form.origin.GetOrigin();
+  return old_origin.host_piece() == new_origin.host_piece() &&
+         old_origin.SchemeIsCryptographic() &&
+         !new_origin.SchemeIsCryptographic();
+}

[jdoerrie, 2017/01/05 18:11:30]

Does it make sense to avoid the declaration in the header file and just move
this logic in the anonymous namespace on the top of this file (taking
main_frame_url_ as an extra argument)?

[vasilii, 2017/01/09 14:16:55]

Only if you have a strong reason not to unittest this method ;-)

+
 bool PasswordManager::ShouldPromptUserToSavePassword() const {
   return !client_->IsAutomaticPasswordSavingEnabled() &&
          (provisional_save_manager_->IsNewLogin() ||