Implement 'Not secure' warning for non-secure pages in Incognito mode

components/security_state/core/security_state.h

Index: components/security_state/core/security_state.h
diff --git a/components/security_state/core/security_state.h b/components/security_state/core/security_state.h
index 4d1ec3f90ce375ebc0be84fb98e6c0d4406cc319..0307f1b60a4499b3f8efbfe877d90228cb5cdb33 100644
--- a/components/security_state/core/security_state.h
+++ b/components/security_state/core/security_state.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
-#define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
+#ifndef COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_
+#define COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_
 
 #include <stdint.h>
 #include <memory>
@@ -141,6 +141,9 @@ struct SecurityInfo {
   // True if the server's certificate does not contain a
   // subjectAltName extension with a domain name or IP address.
   bool cert_missing_subject_alt_name;
+  // True if |IsHttpWarningForIncognitoEnabled| and the page was displayed in a

[estark, 2017/06/09 05:09:38]

nit: IsHttpWarningForIncognitoEnabled()

[elawrence, 2017/06/13 15:31:35]

Removed.

+  // non-secure Incognito context.
+  bool is_incognito;

[estark, 2017/06/09 05:09:38]

This also could use a more descriptive name; how about |did_warn_for_incognito|
or something like that? I'm thinking it would be nice if the name makes it clear
that it can be false even when we are in incognito.

[elawrence, 2017/06/13 15:31:35]

Simplified. It now always reflects the incognito state.

 };
 
 // Contains the security state relevant to computing the SecurityInfo
@@ -181,6 +184,9 @@ struct VisibleSecurityState {
   bool displayed_password_field_on_http;
   // True if the page was an HTTP page that displayed a credit card field.
   bool displayed_credit_card_field_on_http;
+  // True if |IsHttpWarningForIncognitoEnabled| and the page was displayed in a

[estark, 2017/06/09 05:09:38]

nitto

[elawrence, 2017/06/13 15:31:36]

Removed.

+  // non-secure Incognito context.
+  bool is_incognito;

[estark, 2017/06/09 05:09:38]

I mentioned this a few files ago, but I think this should either be named more
descriptively, or should really just mean "is incognito".

[elawrence, 2017/06/13 15:31:36]

Done. It now always reflects the incognito state.

 };
 
 // These security levels describe the treatment given to pages that
@@ -209,6 +215,10 @@ void GetSecurityInfo(
 // |kHttpFormWarningFeature| feature.
 bool IsHttpWarningInFormEnabled();
 
+// Returns true if the MarkHttpAs setting indicates that a warning
+// should be shown for HTTP pages loaded while in Incognito mode.
+bool IsHttpWarningForIncognitoEnabled();
+
 }  // namespace security_state
 
-#endif  // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
+#endif  // COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_