Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(459)

Issue 2917873004: Implement 'Not secure' warning for non-secure pages in Incognito mode (Closed)

Created:
3 years, 6 months ago by elawrence
Modified:
3 years, 6 months ago
CC:
chromium-reviews, ios-reviews+chrome_chromium.org, ios-reviews_chromium.org, pkl (ping after 24h if needed), jam, noyau+watch_chromium.org, marq+watch_chromium.org, darin-cc_chromium.org, Eugene But (OOO till 7-30)
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

Implement 'Not secure' warning for non-secure pages in Incognito mode Non-secure HTTP cannot meet users’ security and privacy expectations when browsing the web. This change marks HTTP pages as 'Not secure' in the Security Chip UI when the user is browsing in Incognito mode. BUG=718556 TESTS= browser_tests.exe --gtest_filter=SecurityStateTabHelperIncognitoTest.* browser_tests.exe --gtest_filter=SecurityStateTabHelperTest.PasswordSecurityLevelDowngraded browser_tests.exe --gtest_filter=SecurityStateTabHelperTest.SecurityLevelNotDowngradedForHTTPInGuestMode components_unittests.exe --gtest_filter=SecurityStateTest.IncognitoFlagPropagates components_unittests.exe --gtest_filter=SecurityStateTest.MarkHttpAsStatusHistogram components_unittests.exe --gtest_filter=SecurityStateContentUtilsTest.HTTPWarning Review-Url: https://codereview.chromium.org/2917873004 Cr-Commit-Position: refs/heads/master@{#479494} Committed: https://chromium.googlesource.com/chromium/src/+/bb56996bdeb8a961f734140764e6c8e2218b7b21

Patch Set 1 #

Patch Set 2 : Add tests and lint #

Patch Set 3 : Add histogram test #

Patch Set 4 : Ensure sensitive fields trigger warnings outside of Incognito #

Total comments: 4

Patch Set 5 : Move console log to Navigation completion #

Total comments: 20

Patch Set 6 : Address feedback #

Patch Set 7 : Fix Guest mode test #

Total comments: 18

Patch Set 8 : Address feedback #

Patch Set 9 : Rebase #

Patch Set 10 : Remove obsolete includes #

Unified diffs Side-by-side diffs Delta from patch set Stats (+535 lines, -41 lines) Patch
M chrome/browser/ssl/security_state_tab_helper.h View 1 2 3 4 5 2 chunks +6 lines, -3 lines 0 comments Download
M chrome/browser/ssl/security_state_tab_helper.cc View 1 2 3 4 5 6 7 8 4 chunks +29 lines, -7 lines 0 comments Download
M chrome/browser/ssl/security_state_tab_helper_browser_tests.cc View 1 2 3 4 5 6 7 8 9 10 chunks +293 lines, -3 lines 0 comments Download
M components/security_state/content/content_utils.cc View 1 2 3 4 5 6 7 1 chunk +16 lines, -9 lines 0 comments Download
M components/security_state/content/content_utils_unittest.cc View 1 2 3 4 5 6 7 8 9 2 chunks +11 lines, -0 lines 0 comments Download
M components/security_state/core/security_state.h View 1 2 3 4 5 6 7 4 chunks +12 lines, -3 lines 0 comments Download
M components/security_state/core/security_state.cc View 1 2 3 4 5 6 7 8 chunks +67 lines, -13 lines 0 comments Download
M components/security_state/core/security_state_unittest.cc View 1 2 3 4 5 6 7 7 chunks +92 lines, -3 lines 0 comments Download
M components/security_state_strings.grdp View 1 chunk +6 lines, -0 lines 0 comments Download
M ios/chrome/browser/ssl/ios_security_state_tab_helper.mm View 1 2 3 4 5 6 7 2 chunks +3 lines, -0 lines 0 comments Download

Messages

Total messages: 50 (38 generated)
elawrence
PTAL? Much of the code change relates to handling the various states of the MarkNonSecureAs ...
3 years, 6 months ago (2017-06-07 21:05:06 UTC) #13
estark
https://codereview.chromium.org/2917873004/diff/150001/chrome/browser/ssl/security_state_tab_helper.cc File chrome/browser/ssl/security_state_tab_helper.cc (right): https://codereview.chromium.org/2917873004/diff/150001/chrome/browser/ssl/security_state_tab_helper.cc#newcode118 chrome/browser/ssl/security_state_tab_helper.cc:118: !navigation_handle->IsSameDocument()) { I think this needs a `&& navigation_handle->HasCommitted()` ...
3 years, 6 months ago (2017-06-09 05:09:38 UTC) #20
elawrence
Please take another look? https://codereview.chromium.org/2917873004/diff/150001/chrome/browser/ssl/security_state_tab_helper.cc File chrome/browser/ssl/security_state_tab_helper.cc (right): https://codereview.chromium.org/2917873004/diff/150001/chrome/browser/ssl/security_state_tab_helper.cc#newcode118 chrome/browser/ssl/security_state_tab_helper.cc:118: !navigation_handle->IsSameDocument()) { On 2017/06/09 05:09:38, ...
3 years, 6 months ago (2017-06-13 15:31:36 UTC) #22
elawrence
> > If it's not too hard, could you add a test that the warning ...
3 years, 6 months ago (2017-06-13 16:50:58 UTC) #27
estark
lgtm with some nits https://codereview.chromium.org/2917873004/diff/190001/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc File chrome/browser/ssl/security_state_tab_helper_browser_tests.cc (right): https://codereview.chromium.org/2917873004/diff/190001/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc#newcode1708 chrome/browser/ssl/security_state_tab_helper_browser_tests.cc:1708: // Check that the expected ...
3 years, 6 months ago (2017-06-13 22:47:12 UTC) #32
estark
eugenebut, could you advise how to write a test for the change in ios/chrome/browser/ssl/ios_security_state_tab_helper.mm?
3 years, 6 months ago (2017-06-13 22:47:51 UTC) #34
Eugene But (OOO till 7-30)
https://codereview.chromium.org/2917873004/diff/190001/ios/chrome/browser/ssl/ios_security_state_tab_helper.mm File ios/chrome/browser/ssl/ios_security_state_tab_helper.mm (right): https://codereview.chromium.org/2917873004/diff/190001/ios/chrome/browser/ssl/ios_security_state_tab_helper.mm#newcode66 ios/chrome/browser/ssl/ios_security_state_tab_helper.mm:66: if (!state->certificate && On 2017/06/13 22:47:11, estark wrote: > ...
3 years, 6 months ago (2017-06-14 01:18:10 UTC) #37
elawrence
Thanks for the thorough review! https://codereview.chromium.org/2917873004/diff/190001/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc File chrome/browser/ssl/security_state_tab_helper_browser_tests.cc (right): https://codereview.chromium.org/2917873004/diff/190001/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc#newcode1708 chrome/browser/ssl/security_state_tab_helper_browser_tests.cc:1708: // Check that the ...
3 years, 6 months ago (2017-06-14 17:01:39 UTC) #38
commit-bot: I haz the power
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2917873004/250001
3 years, 6 months ago (2017-06-14 19:12:20 UTC) #43
commit-bot: I haz the power
Try jobs failed on following builders: ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-clang/builds/117404)
3 years, 6 months ago (2017-06-14 19:20:54 UTC) #45
commit-bot: I haz the power
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2917873004/250001
3 years, 6 months ago (2017-06-14 20:37:08 UTC) #47
commit-bot: I haz the power
3 years, 6 months ago (2017-06-14 20:43:09 UTC) #50
Message was sent while issue was closed.
Committed patchset #10 (id:250001) as
https://chromium.googlesource.com/chromium/src/+/bb56996bdeb8a961f734140764e6...

Powered by Google App Engine
This is Rietveld 408576698