Skip interstitials and don't block requests for localhost SSL errors

chrome/browser/ssl/chrome_ssl_host_state_delegate.cc

Index: chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
index e179edb926b9ef8df5a97c152f88933e09be8c57..d4c015ae8f17c5380fe468357b1f78ac49000186 100644
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
@@ -327,6 +327,15 @@ ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host,
   scoped_ptr<base::Value> value(map->GetWebsiteSetting(
       url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));
 
+  // If the appropriate flag is set, let requests on localhost go
+  // through even if there are certificate errors. Errors on localhost
+  // are unlikely to indicate actual security problems.
+  bool allowLocalhost = base::CommandLine::ForCurrentProcess()->

[Ryan Sleevi, 2015/02/04 19:34:41]

nit: naming wise, this should be allow_localhost (see the naming rules for
http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Variable_Names )

This differs from our JS naming rules (which this would be correct in - see
https://google-styleguide.googlecode.com/svn/trunk/javascriptguide.xml#Naming )

[estark, 2015/02/05 03:02:38]

Done.

+    HasSwitch(switches::kAllowInsecureLocalhost);
+  if (allowLocalhost && url.DomainIs("localhost")) {

[felt, 2015/02/04 08:06:54]

will it always be normalized to "localhost"?  what about 127.0.0.1? are there
other addresses in the RFC that should count too?

[estark, 2015/02/05 03:02:38]

Done -- changed to use net::IsLocalhost, which is "localhost" and 127.0.0.0/8,
and maybe .localhost sometime in the future.

+    return ALLOWED;
+  }
+
   // Set a default value in case this method is short circuited and doesn't do a
   // full query.
   *expired_previous_decision = false;