Add HSTS preload for code.google.com.

BUG=158594
TEST=Navigate to code.google.com and expect to get https://.
uploads.code.google.com should NOT get upgraded to https:// yet.
Review URL: https://codereview.chromium.org/11362014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@165260 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 7 insertions, 2 deletions

diff --git a/net/base/transport_security_state_static.h b/net/base/transport_security_state_static.h
index 13b8f2c..e10a13c 100644
--- a/net/base/transport_security_state_static.h
+++ b/net/base/transport_security_state_static.h
@@ -334,6 +334,7 @@ static const struct HSTSPreload kPreloadedSTS[] = {
   {16, true, "\012googleapis\003com", false, kGooglePins, DOMAIN_GOOGLEAPIS_COM },
   {22, true, "\020googleadservices\003com", false, kGooglePins, DOMAIN_GOOGLEADSERVICES_COM },
   {16, true, "\012googlecode\003com", false, kGooglePins, DOMAIN_GOOGLECODE_COM },
+  {17, false, "\004code\006google\003com", true, kGooglePins, DOMAIN_GOOGLECODE_COM },
   {13, true, "\007appspot\003com", false, kGooglePins, DOMAIN_APPSPOT_COM },
   {23, true, "\021googlesyndication\003com", false, kGooglePins, DOMAIN_GOOGLESYNDICATION_COM },
   {17, true, "\013doubleclick\003net", false, kGooglePins, DOMAIN_DOUBLECLICK_NET },
diff --git a/net/base/transport_security_state_static.json b/net/base/transport_security_state_static.json
index 0567213..df52921 100644
--- a/net/base/transport_security_state_static.json
+++ b/net/base/transport_security_state_static.json
@@ -166,7 +166,7 @@
     { "name": "script.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
     { "name": "history.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
 
-    // Other Google related domain that must use HTTPS.
+    // Other Google-related domains that must use HTTPS.
     { "name": "market.android.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
     { "name": "ssl.google-analytics.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
     { "name": "drive.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
@@ -176,6 +176,11 @@
     { "name": "chromiumcodereview.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
     { "name": "codereview.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" },
     { "name": "codereview.chromium.org", "include_subdomains": true, "mode": "force-https", "pins": "google" },
+    // TODO(palmer): include_subdomains must be set to true when the
+    // certificate for uploads.code.google.com is corrected. See
+    // https://code.google.com/p/chromium/issues/detail?id=158594.
+    { "name": "code.google.com", "include_subdomains": false, "mode": "force-https", "pins": "google" },
+    { "name": "googlecode.com", "include_subdomains": true, "pins": "google" },
 
     // chart.apis.google.com is *not* HSTS because the certificate doesn't match
     // and there are lots of links out there that still use the name. The correct
@@ -189,7 +194,6 @@
     { "name": "youtube.com", "include_subdomains": true, "pins": "google" },
     { "name": "googleapis.com", "include_subdomains": true, "pins": "google" },
     { "name": "googleadservices.com", "include_subdomains": true, "pins": "google" },
-    { "name": "googlecode.com", "include_subdomains": true, "pins": "google" },
     { "name": "appspot.com", "include_subdomains": true, "pins": "google" },
     { "name": "googlesyndication.com", "include_subdomains": true, "pins": "google" },
     { "name": "doubleclick.net", "include_subdomains": true, "pins": "google" },