Do not require Expect-CT report-uris to be quoted

net/http/http_security_headers_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/strings/string_piece.h"
 #include "crypto/sha2.h"
@@ skipping 976 matching lines @@
                                    &enforce, &report_uri));
   EXPECT_FALSE(ParseExpectCTHeader(",", &max_age, &enforce, &report_uri));
   EXPECT_FALSE(
       ParseExpectCTHeader("max-age, ,", &max_age, &enforce, &report_uri));
 
   // Test that the parser rejects misquoted or invalid report-uris.
   EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=\"http://foo;bar\'",
                                    &max_age, &enforce, &report_uri));
   EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=\"foo;bar\"",
                                    &max_age, &enforce, &report_uri));
-  EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=http://blah",
-                                   &max_age, &enforce, &report_uri));
   EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=\"\"", &max_age,
                                    &enforce, &report_uri));
 
   // Test that the parser does not fix up misquoted values.
   EXPECT_FALSE(
       ParseExpectCTHeader("max-age=\"999", &max_age, &enforce, &report_uri));
 
   // Test that the parser rejects headers that contain duplicate directives.
   EXPECT_FALSE(ParseExpectCTHeader("max-age=999, enforce, max-age=99999",
                                    &max_age, &enforce, &report_uri));
@@ skipping 69 matching lines @@
 
   enforce = false;
   report_uri = GURL();
   EXPECT_TRUE(
       ParseExpectCTHeader("enforce,report-uri=\"https://foo.test\",max-age=123",
                           &max_age, &enforce, &report_uri));
   EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
   EXPECT_TRUE(enforce);
   EXPECT_EQ(GURL("https://foo.test"), report_uri);
 
+  enforce = false;
+  report_uri = GURL();
+  EXPECT_TRUE(
+      ParseExpectCTHeader("enforce,report-uri=https://foo.test,max-age=123",
+                          &max_age, &enforce, &report_uri));
+  EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
+  EXPECT_TRUE(enforce);
+  EXPECT_EQ(GURL("https://foo.test"), report_uri);
+
   report_uri = GURL();
   enforce = false;
   EXPECT_TRUE(ParseExpectCTHeader("report-uri=\"https://foo.test\",max-age=123",
                                   &max_age, &enforce, &report_uri));
   EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
   EXPECT_FALSE(enforce);
   EXPECT_EQ(GURL("https://foo.test"), report_uri);
 
   report_uri = GURL();
   EXPECT_TRUE(ParseExpectCTHeader("   enFORcE, max-age=123, pumpkin=kitten",
@@ skipping 88 matching lines @@
   EXPECT_TRUE(ParseExpectCTHeader(
       "  max-age=999999999999999999999999999999999999999999999  ,"
       "  enforce   ",
       &max_age, &enforce, &report_uri));
   EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
   EXPECT_TRUE(enforce);
   EXPECT_TRUE(report_uri.is_empty());
 }
 
 };    // namespace net