Do not save passwords if the landing page has HTTP status 5xx or 4xx

components/password_manager/core/browser/password_manager.cc

Index: components/password_manager/core/browser/password_manager.cc
diff --git a/components/password_manager/core/browser/password_manager.cc b/components/password_manager/core/browser/password_manager.cc
index edeadedbc92852e6e4f4d74fee4b0c27feb737ec..4663ee715d0c918412016b9a9ce4a5bb228e98f3 100644
--- a/components/password_manager/core/browser/password_manager.cc
+++ b/components/password_manager/core/browser/password_manager.cc
@@ -488,6 +488,11 @@ void PasswordManager::OnPasswordFormsRendered(
     // Clear all_visible_forms_ after checking all the visible forms.
     all_visible_forms_.clear();
 
+    // If the server throws an internal error, access denied page, page not
+    // found etc. after a login attempt, we do not save the credentials.
+    if (client_->WasLastNavigationHTTPError())

[vabr (Chromium), 2014/11/17 15:32:15]

Would you mind moving this whole check up, to just after the DCHECK on line 452?
It is a simple information to check, so let's make sure we don't have to do the
for-loop if this check fails.

[Sunil Ratnu, 2014/11/18 06:40:05]

Done.

+      return;

[vabr (Chromium), 2014/11/17 15:32:15]

You need to call SubmitFailed() on the saved form and release it, as is done
above in the for-cycle iterating over all_visible_forms_.
Also, please log STRING_DECISION_DROP here.

[Sunil Ratnu, 2014/11/18 06:40:05]

Done.

+
     // Looks like a successful login attempt. Either show an infobar or
     // automatically save the login data. We prompt when the user hasn't
     // already given consent, either through previously accepting the infobar