Rework SafeBrowsingResourceHandler.

Most notably, don't start the request until the URL has been verified.

The previous behavior was to overlap the retrieval of the request's headers with the URL check.
This meant that cookies from blocked pages got applied, and also that the renderer received the headers for blocked pages, and other awkwardness.

Blocking before the request has started also has the advantage of protecting against malware URLs that might exploit bugs in the HTTP stack itself (as the request is never started).

In terms of performance, overlapping had the benefit that the request gets a head start while the URL is being verified.
In practice I don't think this is actually significant, since we rely on low bloom filter false positives to avoid these extended checks in the first place. Hence optimizing for the uncommon case of extended checks isn't fruitful, especially when it comes at the cost of complexity.

I don't have unit-tests for this yet since there wasn't an existing framework to put them in (apparantly there are no safe browsing unit tests for ResourceDispatcherHost?).
I will follow up with another CL that does the necessary surgery to add such tests in resource_dispatcher_host_unittest.cc.

BUG=33572,36046
TEST=see bugs.
Review URL: http://codereview.chromium.org/661072

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40184 0039d316-1c4b-4281-b951-d872f2087c98

0 files changed, 0 insertions, 0 deletions