PasswordProtectionService verdict cache management

components/safe_browsing/csd.proto

Index: components/safe_browsing/csd.proto
diff --git a/components/safe_browsing/csd.proto b/components/safe_browsing/csd.proto
index 3da6cd68b6910c2aa23409cb029644c8104017da..1b61b4f2c0ebad27a9304710dbb04e5fa0396243 100644
--- a/components/safe_browsing/csd.proto
+++ b/components/safe_browsing/csd.proto
@@ -247,6 +247,18 @@ message LoginReputationClientResponse {
   // The pattern will always match the page_url of the request, and will be
   // a substring of page_url.
   optional string cache_expression = 3;
+
+  // If set true, we do not match a url's path-prefix with the cache_expression.
+  //
+  // Examples:
+  //    If set true, a cache_expression "dropbox.com" will match
+  //      "dropbox.com",
+  //      "dropbox.com/",
+  //      "dropbox.com/login.html?param=val",
+  //      "test.dropbox.com/"
+  //    but will NOT match
+  //      "dropbox.com/abc/"
+  optional bool cache_expression_exact_match = 4;

[Nathan Parker, 2017/03/20 15:55:35]

This isn't really "exact match," since we're ignoring the path in the cache
expression (or assuming it has none?), correct?  It _would_ be exact match if we
ensured the candidate URL matched the expression up to both of their last /'s.
Then 

dropbox.com/foo [exact] would match
     dropbox.com/foo
     dropbox.com/foo/bar.cgi
 NOT dropbox.com/foo/dog/cat.cgi

I think that's a generalization of what you described -- it may or may not be
useful.


Alternately, we could change the name to "cache_expression_root_path" or some
such and have it be only allowed when cache_expresion has no path.  That'd be
simpler.

[Jialiu Lin, 2017/03/20 18:02:39]

Ah, I copied this change from cl/150491510.
I believe Weining tried to express the same thing. But somehow he used an
example only has root path. Your examples are much better, much more
generalized.
I changed this comment according to your feedback. and I've forward your
feedback to him too. 

 }
 
 message ClientMalwareResponse {