Rename SecurityStyleExplanations and WebSecurityStyle fields

content/child/web_url_loader_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/web_url_loader_impl.h"
 
 #include <stdint.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 83 matching lines @@
 // per-resource security styles should live in the same place as the
 // logic for assigning per-page security styles (which lives in the
 // embedder). It would also be nice for the embedder to have the chance
 // to control the per-resource security style beyond the simple logic
 // here. (For example, the embedder might want to mark certain resources
 // differently if they use SHA1 signatures.) https://crbug.com/648326
 blink::WebSecurityStyle GetSecurityStyleForResource(
     const GURL& url,
     net::CertStatus cert_status) {
   if (!url.SchemeIsCryptographic())
-    return blink::WebSecurityStyleUnauthenticated;
+    return blink::WebSecurityStyleNeutral;
 
   // Minor errors don't lower the security style to
   // WebSecurityStyleAuthenticationBroken.
   if (net::IsCertStatusError(cert_status) &&
       !net::IsCertStatusMinorError(cert_status)) {
-    return blink::WebSecurityStyleAuthenticationBroken;
+    return blink::WebSecurityStyleInsecure;
   }
 
-  return blink::WebSecurityStyleAuthenticated;
+  return blink::WebSecurityStyleSecure;
 }
 
 // Converts timing data from |load_timing| to the format used by WebKit.
 void PopulateURLLoadTiming(const net::LoadTimingInfo& load_timing,
                            WebURLLoadTiming* url_timing) {
   DCHECK(!load_timing.request_start.is_null());
 
   const TimeTicks kNullTicks;
   url_timing->initialize();
   url_timing->setRequestTime(
@@ skipping 128 matching lines @@
 
 void SetSecurityStyleAndDetails(const GURL& url,
                                 const ResourceResponseInfo& info,
                                 WebURLResponse* response,
                                 bool report_security_info) {
   if (!report_security_info) {
     response->setSecurityStyle(blink::WebSecurityStyleUnknown);
     return;
   }
   if (!url.SchemeIsCryptographic()) {
-    response->setSecurityStyle(blink::WebSecurityStyleUnauthenticated);
+    response->setSecurityStyle(blink::WebSecurityStyleNeutral);
     return;
   }
 
-  // There are cases where an HTTPS request can come in without security
-  // info attached (such as a redirect response).
+  // The resource loader does not provide a guarantee that requests always have
+  // security info (such as a certificate) attached. Use WebSecurityStyleUnknown

[estark, 2017/03/22 17:32:27]

(unrelated comment cleanup while I was here)

+  // in this case where there isn't enough information to be useful.
   if (info.certificate.empty()) {
     response->setSecurityStyle(blink::WebSecurityStyleUnknown);
     return;
   }
 
   int ssl_version =
       net::SSLConnectionStatusToVersion(info.ssl_connection_status);
   const char* protocol;
   net::SSLVersionToString(&protocol, ssl_version);
 
@@ skipping 970 matching lines @@
                                          int intra_priority_value) {
   context_->DidChangePriority(new_priority, intra_priority_value);
 }
 
 void WebURLLoaderImpl::setLoadingTaskRunner(
     base::SingleThreadTaskRunner* loading_task_runner) {
   context_->SetTaskRunner(loading_task_runner);
 }
 
 }  // namespace content