diff options
| author | lgarron <lgarron@chromium.org> | 2015-05-11 19:05:04 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-05-12 02:05:15 +0000 |
| commit | 7b70d593c20676a7b2656684416a1be1f50a167a (patch) | |
| tree | 74533cd9c346b6724ea521976ffab63781c1d1f2 /chrome/browser/ui/extensions/extension_installed_bubble.h | |
| parent | 0d4b2884a58526ee74fb9b060488cd6fc31c50f3 (diff) | |
| download | chromium_src-7b70d593c20676a7b2656684416a1be1f50a167a.zip chromium_src-7b70d593c20676a7b2656684416a1be1f50a167a.tar.gz chromium_src-7b70d593c20676a7b2656684416a1be1f50a167a.tar.bz2 | |
Switch //chrome functions to use SchemeIsCryptographic() instead of SchemeIsSecure().
palmer@ recently introduced SchemeIsCryptographic() and
IsOriginSecure(), which are meant to replace SchemeIsSecure().
IsOriginSecure() roughly means "do we trust this content not to be
tampered with before it reaches the user?" [1] This is a higher-level
definition that corresponds to the new "privileged contexts" spec. [2]
SchemeIsCryptographic() [3] is close to the old definition of
SchemeIsSecure(), and literally just checks if the scheme is a
cryptographic scheme (HTTPS or WSS as of right now). The difference is
that SchemeIsCryptographic() will not consider filesystem URLs secure.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866
[2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/
[3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666
BUG=362214
Review URL: https://codereview.chromium.org/1131493004
Cr-Commit-Position: refs/heads/master@{#329313}
Diffstat (limited to 'chrome/browser/ui/extensions/extension_installed_bubble.h')
0 files changed, 0 insertions, 0 deletions