summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpalmer <palmer@chromium.org>2015-08-04 12:59:34 -0700
committerCommit bot <commit-bot@chromium.org>2015-08-04 20:03:10 +0000
commita6e826b2b782c41e141b1c3ba1e95d85bb6e4d94 (patch)
tree8841af5a58339fe3049b05aaadc171137212a4af
parenteb2ba9ab7627093f3ef01a3b7cdf44be9bd8ee6c (diff)
downloadchromium_src-a6e826b2b782c41e141b1c3ba1e95d85bb6e4d94.zip
chromium_src-a6e826b2b782c41e141b1c3ba1e95d85bb6e4d94.tar.gz
chromium_src-a6e826b2b782c41e141b1c3ba1e95d85bb6e4d94.tar.bz2
Mark origins of Dubious security as Neutral.
Softening the UX will reduce ambiguity (Dubious means several things), warning fatigue, and site operator sadness (which we hope will then incentivize HTTPS adoption). BUG=513863 Review URL: https://codereview.chromium.org/1260563002 Cr-Commit-Position: refs/heads/master@{#341773}
-rw-r--r--chrome/android/java/src/org/chromium/chrome/browser/toolbar/CustomTabToolbar.java1
-rw-r--r--chrome/browser/ssl/connection_security.cc12
-rw-r--r--chrome/browser/ui/browser_browsertest.cc3
-rw-r--r--chrome/browser/ui/toolbar/toolbar_model_impl.cc3
-rw-r--r--chrome/browser/ui/views/location_bar/location_bar_view.cc5
5 files changed, 14 insertions, 10 deletions
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/toolbar/CustomTabToolbar.java b/chrome/android/java/src/org/chromium/chrome/browser/toolbar/CustomTabToolbar.java
index e988781..da64afc 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/toolbar/CustomTabToolbar.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/toolbar/CustomTabToolbar.java
@@ -170,7 +170,6 @@ public class CustomTabToolbar extends ToolbarLayout implements LocationBar,
public boolean shouldEmphasizeHttpsScheme() {
int securityLevel = getSecurityLevel();
if (securityLevel == ConnectionSecurityLevel.SECURITY_ERROR
- || securityLevel == ConnectionSecurityLevel.SECURITY_WARNING
|| securityLevel == ConnectionSecurityLevel.SECURITY_POLICY_WARNING) {
return true;
}
diff --git a/chrome/browser/ssl/connection_security.cc b/chrome/browser/ssl/connection_security.cc
index 2e53f30..ca63e71 100644
--- a/chrome/browser/ssl/connection_security.cc
+++ b/chrome/browser/ssl/connection_security.cc
@@ -49,7 +49,7 @@ connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {
level = connection_security::NONE;
} else if (choice == switches::kMarkNonSecureAsDubious) {
status = DUBIOUS;
- level = connection_security::SECURITY_WARNING;
+ level = connection_security::NONE;
} else if (choice == switches::kMarkNonSecureAsNonSecure) {
status = NON_SECURE;
level = connection_security::SECURITY_ERROR;
@@ -58,7 +58,7 @@ connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {
level = connection_security::NONE;
} else if (group == switches::kMarkNonSecureAsDubious) {
status = DUBIOUS;
- level = connection_security::SECURITY_WARNING;
+ level = connection_security::NONE;
} else if (group == switches::kMarkNonSecureAsNonSecure) {
status = NON_SECURE;
level = connection_security::SECURITY_ERROR;
@@ -156,18 +156,18 @@ SecurityLevel GetSecurityLevelForWebContents(
if (sha1_status == DEPRECATED_SHA1_BROKEN)
return SECURITY_ERROR;
if (sha1_status == DEPRECATED_SHA1_WARNING)
- return SECURITY_WARNING;
+ return NONE;
MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl);
// Active mixed content is downgraded to the BROKEN style and
// handled above.
DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status);
if (mixed_content_status == DISPLAYED_MIXED_CONTENT)
- return SECURITY_WARNING;
+ return NONE;
if (net::IsCertStatusError(ssl.cert_status)) {
DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
- return SECURITY_WARNING;
+ return NONE;
}
if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
net::SSL_CONNECTION_VERSION_SSL3) {
@@ -196,6 +196,7 @@ void GetSecurityInfoForWebContents(const content::WebContents* web_contents,
SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents);
switch (security_level) {
+ case SECURITY_WARNING:
case NONE:
security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED;
break;
@@ -203,7 +204,6 @@ void GetSecurityInfoForWebContents(const content::WebContents* web_contents,
case SECURE:
security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED;
break;
- case SECURITY_WARNING:
case SECURITY_POLICY_WARNING:
security_info->security_style = content::SECURITY_STYLE_WARNING;
break;
diff --git a/chrome/browser/ui/browser_browsertest.cc b/chrome/browser/ui/browser_browsertest.cc
index 64a6161..54f9d99 100644
--- a/chrome/browser/ui/browser_browsertest.cc
+++ b/chrome/browser/ui/browser_browsertest.cc
@@ -2950,7 +2950,8 @@ IN_PROC_BROWSER_TEST_F(BrowserTest, SecurityStyleChangedObserver) {
GURL mixed_content_url(https_test_server.GetURL(replacement_path));
ui_test_utils::NavigateToURL(browser(), mixed_content_url);
- EXPECT_EQ(content::SECURITY_STYLE_WARNING, observer.latest_security_style());
+ EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
+ observer.latest_security_style());
const content::SecurityStyleExplanations& mixed_content_explanation =
observer.latest_explanations();
diff --git a/chrome/browser/ui/toolbar/toolbar_model_impl.cc b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
index 083b11b..92245a4 100644
--- a/chrome/browser/ui/toolbar/toolbar_model_impl.cc
+++ b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
@@ -134,7 +134,8 @@ int ToolbarModelImpl::GetIconForSecurityLevel(
case connection_security::SECURE:
return IDR_OMNIBOX_HTTPS_VALID;
case connection_security::SECURITY_WARNING:
- return IDR_OMNIBOX_HTTPS_WARNING;
+ // Surface Dubious as Neutral.
+ return IDR_LOCATION_BAR_HTTP;
case connection_security::SECURITY_POLICY_WARNING:
return IDR_OMNIBOX_HTTPS_POLICY_WARNING;
case connection_security::SECURITY_ERROR:
diff --git a/chrome/browser/ui/views/location_bar/location_bar_view.cc b/chrome/browser/ui/views/location_bar/location_bar_view.cc
index 32050e5..ceab3e9 100644
--- a/chrome/browser/ui/views/location_bar/location_bar_view.cc
+++ b/chrome/browser/ui/views/location_bar/location_bar_view.cc
@@ -357,7 +357,6 @@ SkColor LocationBarView::GetColor(
color = SkColorSetRGB(7, 149, 0);
break;
- case connection_security::SECURITY_WARNING:
case connection_security::SECURITY_POLICY_WARNING:
return GetColor(security_level, DEEMPHASIZED_TEXT);
break;
@@ -366,6 +365,10 @@ SkColor LocationBarView::GetColor(
color = SkColorSetRGB(162, 0, 0);
break;
+ case connection_security::SECURITY_WARNING:
+ return GetColor(security_level, TEXT);
+ break;
+
default:
NOTREACHED();
return GetColor(security_level, TEXT);