Revert of Upgrade insecure requests: Pipe navigational hosts down into nested documents.

Source/core/dom/SecurityContext.h

 /*
  * Copyright (C) 2011 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 10 matching lines @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #ifndef SecurityContext_h
 #define SecurityContext_h
 
 #include "core/dom/SandboxFlags.h"
-#include "wtf/HashSet.h"
 #include "wtf/PassRefPtr.h"
 #include "wtf/RefPtr.h"
-#include "wtf/text/StringHash.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
 
 class SecurityOrigin;
 class ContentSecurityPolicy;
 class KURL;
 
 class SecurityContext {
 public:
-    using InsecureNavigationsSet = HashSet<unsigned, WTF::AlreadyHashed>;
-
     // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'.
     enum InsecureRequestsPolicy {
         InsecureRequestsDoNotUpgrade = 0,
         InsecureRequestsUpgrade
     };
 
     SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
     ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecurityPolicy.get(); }
 
     bool isSecureTransitionTo(const KURL&) const;
 
     // Explicitly override the security origin for this security context.
     // Note: It is dangerous to change the security origin of a script context
     //       that already contains content.
     void setSecurityOrigin(PassRefPtr<SecurityOrigin>);
     virtual void didUpdateSecurityOrigin() = 0;
 
     SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
     bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
     void enforceSandboxFlags(SandboxFlags mask);
 
     void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; }
     bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; }
 
     void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRequestsPolicy = policy; }
     InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureRequestsPolicy; }
 
-    void addInsecureNavigationUpgrade(const String& host) { m_insecureNavigationsToUpgrade.add(host.impl()->hash()); }

[Yoav Weiss, 2015/03/10 19:03:05]

here we trusted host.impl() to be non-null. Are we sure that's the case? If so,
worth ASSERTing once this goes back in

-    void addInsecureNavigationUpgrade(unsigned hashedHost) { m_insecureNavigationsToUpgrade.add(hashedHost); }
-    InsecureNavigationsSet* insecureNavigationsToUpgrade() { return &m_insecureNavigationsToUpgrade; }
-
 protected:
     SecurityContext();
     virtual ~SecurityContext();
 
     void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>);
 
     void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; }
     bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurityOrigin; }
 
 private:
     bool m_haveInitializedSecurityOrigin;
     RefPtr<SecurityOrigin> m_securityOrigin;
     RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
 
     SandboxFlags m_sandboxFlags;
 
     bool m_hostedInReservedIPRange;
     InsecureRequestsPolicy m_insecureRequestsPolicy;
-    InsecureNavigationsSet m_insecureNavigationsToUpgrade;
 };
 
 } // namespace blink
 
 #endif // SecurityContext_h