Remember user decisions on invalid certificates behind a flag

content/browser/ssl/ssl_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ssl/ssl_policy.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
@@ skipping 15 matching lines @@
 
 namespace content {
 
 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
     : backend_(backend) {
   DCHECK(backend_);
 }
 
 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
   // First we check if we know the policy for this error.
-  net::CertPolicy::Judgment judgment = backend_->QueryPolicy(
-      handler->ssl_info().cert.get(),
-      handler->request_url().host(),
-      handler->cert_error());
+  net::CertPolicy::Judgment judgment =
+      backend_->QueryPolicy(handler->ssl_info().cert.get(),
+                            handler->request_url(),
+                            handler->cert_error());
 
   if (judgment == net::CertPolicy::ALLOWED) {
     handler->ContinueRequest();
     return;
   }
 
   // The judgment is either DENIED or UNKNOWN.
   // For now we handle the DENIED as the UNKNOWN, which means a blocking
   // page is shown to the user every time he comes back to the page.
 
@@ skipping 105 matching lines @@
     // Note that we should not call SetMaxSecurityStyle here, because the active
     // NavigationEntry has just been deleted (in HideInterstitialPage) and the
     // new NavigationEntry will not be set until DidNavigate.  This is ok,
     // because the new NavigationEntry will have its max security style set
     // within DidNavigate.
     //
     // While AllowCertForHost() executes synchronously on this thread,
     // ContinueRequest() gets posted to a different thread. Calling
     // AllowCertForHost() first ensures deterministic ordering.
     backend_->AllowCertForHost(handler->ssl_info().cert.get(),
-                               handler->request_url().host(),
+                               handler->request_url(),
                                handler->cert_error());
     handler->ContinueRequest();
   } else {
     // Default behavior for rejecting a certificate.
     //
     // While DenyCertForHost() executes synchronously on this thread,
     // CancelRequest() gets posted to a different thread. Calling
     // DenyCertForHost() first ensures deterministic ordering.
     backend_->DenyCertForHost(handler->ssl_info().cert.get(),
-                              handler->request_url().host(),
+                              handler->request_url(),
                               handler->cert_error());
     handler->CancelRequest();
   }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // Certificate Error Routines
 
 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
                                     bool overridable,
@@ skipping 34 matching lines @@
       SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED;
 }
 
 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
   GURL parsed_origin(origin);
   if (parsed_origin.SchemeIsSecure())
     backend_->HostRanInsecureContent(parsed_origin.host(), pid);
 }
 
 }  // namespace content