Hosts opting in to strict-transport-security get mixed content blocking.

BUG=100136
Review URL: http://codereview.chromium.org/8341031

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108337 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/chrome/renderer/chrome_render_view_observer.h b/chrome/renderer/chrome_render_view_observer.h
index a8d08f9..f0d8e82 100644
--- a/chrome/renderer/chrome_render_view_observer.h
+++ b/chrome/renderer/chrome_render_view_observer.h
@@ -6,6 +6,7 @@
 #define CHROME_RENDERER_CHROME_RENDER_VIEW_OBSERVER_H_
 #pragma once
 
+#include <set>
 #include <string>
 #include <vector>
 
@@ -127,6 +128,7 @@ class ChromeRenderViewObserver : public content::RenderViewObserver,
   void OnSetClientSidePhishingDetection(bool enable_phishing_detection);
   void OnStartFrameSniffer(const string16& frame_name);
   void OnGetFPS();
+  void OnAddStrictSecurityHost(const std::string& host);
 
   // Captures the thumbnail and text contents for indexing for the given load
   // ID. If the view's load ID is different than the parameter, this call is
@@ -174,6 +176,9 @@ class ChromeRenderViewObserver : public content::RenderViewObserver,
   // Decodes a data: URL image or returns an empty image in case of failure.
   SkBitmap ImageFromDataUrl(const GURL&) const;
 
+  // Determines if a host is in the strict security host set.
+  bool IsStrictSecurityHost(const std::string& host);
+
   // Save the JavaScript to preload if a ViewMsg_WebUIJavaScript is received.
   scoped_ptr<WebUIJavaScript> webui_javascript_;
 
@@ -197,6 +202,7 @@ class ChromeRenderViewObserver : public content::RenderViewObserver,
   // Insecure content may be permitted for the duration of this render view.
   bool allow_displaying_insecure_content_;
   bool allow_running_insecure_content_;
+  std::set<std::string> strict_security_hosts_;
 
   // Allows JS to access DOM automation. The JS object is only exposed when the
   // DOM automation bindings are enabled.