Network traffic annotation added to password_protection_request

components/safe_browsing/password_protection/password_protection_request.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "components/safe_browsing/password_protection/password_protection_request.h"
 
 #include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "components/safe_browsing_db/database_manager.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
 #include "net/base/url_util.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 
 using content::BrowserThread;
 
 namespace safe_browsing {
 
 PasswordProtectionRequest::PasswordProtectionRequest(
     const GURL& main_frame_url,
     const GURL& password_form_action,
     const GURL& password_form_frame_url,
     LoginReputationClientRequest::TriggerType type,
@@ skipping 94 matching lines @@
   FillRequestProto();
 
   std::string serialized_request;
   if (!request_proto_->SerializeToString(&serialized_request)) {
     Finish(RequestOutcome::REQUEST_MALFORMED, nullptr);
     return;
   }
 
   // In case the request take too long, we set a timer to cancel this request.
   StartTimeout();
-
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("password_protection_request", R"(
+        semantics {
+          sender: "Safe Browsing"
+          description:
+            "When the user is about to log in to a new, uncommon site, Chrome "
+            "will send a request to Safe Browsing to determine if the page is "
+            "phishing. It'll then show a warning if the page poses a risk of "
+            "phishing."
+          trigger:
+            "When a user focuses on a password field on a page that they "
+            "haven't visited before and that isn't popular or known to be safe."
+          data:
+            "URL and referrer of the current page, password form action, and "
+            "iframe structure."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: true
+          cookies_store: "Safe Browsing Cookie Store"
+          setting:
+            "Users can control this feature via 'Protect you and your device "
+            "from dangerous sites' or 'Automatically report details of "
+            "possible security incidents to Google' setting under 'Privacy'. "
+            "By default, the first setting is enabled and the second is not."
+          chrome_policy {
+            SafeBrowsingExtendedReportingOptInAllowed {
+              policy_options {mode: MANDATORY}
+              SafeBrowsingExtendedReportingOptInAllowed: false
+            }
+          }
+        })");
   fetcher_ = net::URLFetcher::Create(
       0, PasswordProtectionService::GetPasswordProtectionRequestUrl(),
-      net::URLFetcher::POST, this);
+      net::URLFetcher::POST, this, traffic_annotation);
   data_use_measurement::DataUseUserData::AttachToFetcher(
       fetcher_.get(), data_use_measurement::DataUseUserData::SAFE_BROWSING);
   fetcher_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
   fetcher_->SetAutomaticallyRetryOn5xx(false);
   fetcher_->SetRequestContext(
       password_protection_service_->request_context_getter().get());
   fetcher_->SetUploadData("application/octet-stream", serialized_request);
   request_start_time_ = base::TimeTicks::Now();
   fetcher_->Start();
 }
@@ skipping 74 matching lines @@
 }
 
 void PasswordProtectionRequest::Cancel(bool timed_out) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   fetcher_.reset();
 
   Finish(timed_out ? TIMEDOUT : CANCELED, nullptr);
 }
 
 }  // namespace safe_browsing