Implement 'Not secure' warning for non-secure pages in Incognito mode

components/security_state/core/security_state.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
-#define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
+#ifndef COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_
+#define COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_
 
 #include <stdint.h>
 #include <memory>
 
 #include "base/callback.h"
 #include "base/feature_list.h"
 #include "base/macros.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/cert/x509_certificate.h"
@@ skipping 117 matching lines @@
   bool pkp_bypassed;
   // True if the page displayed password field on an HTTP page.
   bool displayed_password_field_on_http;
   // True if the page displayed credit card field on an HTTP page.
   bool displayed_credit_card_field_on_http;
   // True if the secure page contained a form with a nonsecure target.
   bool contained_mixed_form;
   // True if the server's certificate does not contain a
   // subjectAltName extension with a domain name or IP address.
   bool cert_missing_subject_alt_name;
+  // True if the |security_level| was downgraded to HTTP_SHOW_WARNING because
+  // the page was loaded while Incognito.
+  bool incognito_downgraded_security_level;
 };
 
 // Contains the security state relevant to computing the SecurityInfo
 // for a page. This is the input to GetSecurityInfo().
 struct VisibleSecurityState {
   VisibleSecurityState();
   ~VisibleSecurityState();
   bool operator==(const VisibleSecurityState& other) const;
   GURL url;
 
@@ skipping 20 matching lines @@
   // True if the page displayed passive subresources with certificate errors.
   bool displayed_content_with_cert_errors;
   // True if the page ran active subresources with certificate errors.
   bool ran_content_with_cert_errors;
   // True if PKP was bypassed due to a local trust anchor.
   bool pkp_bypassed;
   // True if the page was an HTTP page that displayed a password field.
   bool displayed_password_field_on_http;
   // True if the page was an HTTP page that displayed a credit card field.
   bool displayed_credit_card_field_on_http;
+  // True if the page was displayed in an Incognito context.
+  bool is_incognito;
 };
 
 // These security levels describe the treatment given to pages that
 // display and run mixed content. They are used to coordinate the
 // treatment of mixed content with other security UI elements.
 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE;
 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS;
 
 // Returns true if the given |url|'s origin should be considered secure.
 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>;
 
 // Populates |result| to describe the current page.
 // |visible_security_state| contains the relevant security state.
 // |used_policy_installed_certificate| indicates whether the page or request
 // is known to be loaded with a certificate installed by the system admin.
 // |is_origin_secure_callback| determines whether a URL's origin should be
 // considered secure.
 void GetSecurityInfo(
     std::unique_ptr<VisibleSecurityState> visible_security_state,
     bool used_policy_installed_certificate,
     IsOriginSecureCallback is_origin_secure_callback,
     SecurityInfo* result);
 
 // Returns true if an experimental form warning UI about HTTP passwords
 // and credit cards is enabled. This warning UI can be enabled with the
 // |kHttpFormWarningFeature| feature.
 bool IsHttpWarningInFormEnabled();
 
+// Returns true if the MarkHttpAs setting indicates that a warning
+// should be shown for HTTP pages loaded while in Incognito mode.
+bool IsHttpWarningForIncognitoEnabled();
+
 }  // namespace security_state
 
-#endif  // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
+#endif  // COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_