
Unified Diff: chrome/browser/ssl/security_state_tab_helper.cc

Issue 2917873004: Implement 'Not secure' warning for non-secure pages in Incognito mode (Closed)
Patch Set: Ensure sensitive fields trigger warnings outside of Incognito Created 3 years, 6 months ago
Index: chrome/browser/ssl/security_state_tab_helper.cc
diff --git a/chrome/browser/ssl/security_state_tab_helper.cc b/chrome/browser/ssl/security_state_tab_helper.cc
index 590c3fdf83e48707f0fc9003b8911b5d764d3222..8d2c02ae4095aa8ca4c7aef788604419f9836c50 100644
--- a/chrome/browser/ssl/security_state_tab_helper.cc
+++ b/chrome/browser/ssl/security_state_tab_helper.cc
@@ -15,6 +15,7 @@
#include "components/prefs/pref_service.h"
#include "components/security_state/content/content_utils.h"
#include "components/ssl_config/ssl_config_prefs.h"
+#include "content/public/browser/browser_context.h"
#include "content/public/browser/navigation_entry.h"
#include "content/public/browser/navigation_handle.h"
#include "content/public/browser/render_frame_host.h"
@@ -39,6 +40,7 @@ using safe_browsing::SafeBrowsingUIManager;
SecurityStateTabHelper::SecurityStateTabHelper(
content::WebContents* web_contents)
: content::WebContentsObserver(web_contents),
+ logged_incognito_warning_on_current_navigation_(false),
logged_http_warning_on_current_navigation_(false) {}
SecurityStateTabHelper::~SecurityStateTabHelper() {}
@@ -51,13 +53,29 @@ void SecurityStateTabHelper::GetSecurityInfo(
}
void SecurityStateTabHelper::VisibleSecurityStateChanged() {
- if (logged_http_warning_on_current_navigation_)
+ if (logged_incognito_warning_on_current_navigation_ &&
+ logged_http_warning_on_current_navigation_) {
return;
+ }
security_state::SecurityInfo security_info;
GetSecurityInfo(&security_info);
- if (!security_info.displayed_password_field_on_http &&
- !security_info.displayed_credit_card_field_on_http) {
+
+ if (!logged_incognito_warning_on_current_navigation_ &&
+ security_info.is_incognito &&
+ security_info.security_level == security_state::HTTP_SHOW_WARNING) {
+ logged_incognito_warning_on_current_navigation_ = true;
+
+ web_contents()->GetMainFrame()->AddMessageToConsole(
+ content::CONSOLE_MESSAGE_LEVEL_WARNING,
+ "This page was loaded non-securely in an incognito mode browser. A "
+ "warning has been added to the URL bar. For more information, see "
+ "https://goo.gl/y8SRRv.");
+ }
+
+ if (logged_http_warning_on_current_navigation_ ||
+ (!security_info.displayed_password_field_on_http &&
+ !security_info.displayed_credit_card_field_on_http)) {
return;
}
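Review bot: The guard at the top of VisibleSecurityStateChanged now returns only when both flags are set, and `logged_incognito_warning_on_current_navigation_` is set only inside the `security_info.is_incognito` branch. In a regular profile the guard therefore never fires, so GetSecurityInfo() is recomputed on every state change even after the sensitive-field warning has been logged; the old single-flag check returned before that call. If the extra work is acceptable, say so on the guard, e.g. `// Only short-circuits in Incognito; regular profiles fall through to the per-warning checks below.` The function body continues past the end of this hunk.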
@@ -92,11 +110,15 @@ void SecurityStateTabHelper::VisibleSecurityStateChanged() {
void SecurityStateTabHelper::DidStartNavigation(
content::NavigationHandle* navigation_handle) {
- if (time_of_http_warning_on_current_navigation_.is_null() ||
- !navigation_handle->IsInMainFrame() ||
+ if (!navigation_handle->IsInMainFrame() ||
navigation_handle->IsSameDocument()) {
return;
}
+
+ logged_incognito_warning_on_current_navigation_ = false;
+
+ if (time_of_http_warning_on_current_navigation_.is_null())
+ return;
// Record how quickly a user leaves a site after encountering an
// HTTP-bad warning. A navigation here only counts if it is a
// main-frame, not-same-page navigation, since it aims to measure how
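Review bot: `logged_incognito_warning_on_current_navigation_ = false;` runs when a main-frame navigation starts, not when it commits, so a navigation that never commits still re-arms the flag and the next VisibleSecurityStateChanged() logs the Incognito warning again for the same document. Conversely, a state change between start and commit would presumably consume the flag against the outgoing page, leaving the newly committed page without its console warning. Where `logged_http_warning_on_current_navigation_` is reset is not visible in this hunk; resetting both flags at the same commit-time point would keep them consistent. The rest of DidStartNavigation lies outside the hunk.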
@@ -199,5 +221,13 @@ SecurityStateTabHelper::GetVisibleSecurityState() const {
// information is still being initialized, thus no need to check for that.
state->malicious_content_status = GetMaliciousContentStatus();
+ if (!state->certificate &&
+ security_state::IsHttpWarningForIncognitoEnabled()) {
+ content::BrowserContext* context = web_contents()->GetBrowserContext();
+ if (context->IsOffTheRecord() &&
+ !Profile::FromBrowserContext(context)->IsGuestSession()) {
+ state->is_incognito = true;
+ }
+ }
return state;
}
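Review bot: `state->is_incognito` is only set when `!state->certificate`, so despite its name the field reads false for an HTTPS page in an Incognito window, and a later consumer that treats it as a general profile indicator would get the wrong answer. Either set it independently of the certificate and leave the HTTP check to the security-level computation, or document the restriction with a comment such as `// Only populated for pages without a certificate; used solely for the Incognito HTTP warning.` The guest-session exclusion also deserves a one-line comment saying why guest profiles are exempt. The start of GetVisibleSecurityState is outside the hunk.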
