Rename X-Force-TLS to Strict-Transport-Security.

Also, remove StrictTransportSecurity code from SSLPolicy because that code
doesn't work.

R=agl

Review URL: http://codereview.chromium.org/198035

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25577 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 23 insertions, 20 deletions

diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index 1c9d1c8..5f852e7 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -20,7 +20,7 @@
 #include "net/proxy/proxy_service.h"
 
 namespace net {
-class ForceTLSState;
+class StrictTransportSecurityState;
 class FtpTransactionFactory;
 class HttpTransactionFactory;
 }
@@ -34,7 +34,7 @@ class URLRequestContext :
       : http_transaction_factory_(NULL),
         ftp_transaction_factory_(NULL),
         cookie_store_(NULL),
-        force_tls_state_(NULL) {
+        strict_transport_security_state_(NULL) {
   }
 
   net::HostResolver* host_resolver() const {
@@ -67,7 +67,8 @@ class URLRequestContext :
   // Gets the cookie policy for this context.
   net::CookiePolicy* cookie_policy() { return &cookie_policy_; }
 
-  net::ForceTLSState* force_tls_state() { return force_tls_state_; }
+  net::StrictTransportSecurityState* strict_transport_security_state() {
+      return strict_transport_security_state_; }
 
   // Gets the FTP authentication cache for this context.
   net::FtpAuthCache* ftp_auth_cache() { return &ftp_auth_cache_; }
@@ -119,7 +120,7 @@ class URLRequestContext :
   net::FtpTransactionFactory* ftp_transaction_factory_;
   scoped_refptr<net::CookieStore> cookie_store_;
   net::CookiePolicy cookie_policy_;
-  net::ForceTLSState* force_tls_state_;;
+  net::StrictTransportSecurityState* strict_transport_security_state_;
   net::FtpAuthCache ftp_auth_cache_;
   std::string accept_language_;
   std::string accept_charset_;
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index bd33720..71eee28 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -14,7 +14,7 @@
 #include "base/string_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/filter.h"
-#include "net/base/force_tls_state.h"
+#include "net/base/strict_transport_security_state.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
@@ -55,8 +55,8 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
   static const bool kForceHTTPS =
       CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS);
   if (kForceHTTPS && scheme == "http" &&
-      request->context()->force_tls_state() &&
-      request->context()->force_tls_state()->IsEnabledForHost(
+      request->context()->strict_transport_security_state() &&
+      request->context()->strict_transport_security_state()->IsEnabledForHost(
           request->url().host())) {
     DCHECK_EQ(request->url().scheme(), "http");
     url_canon::Replacements<char> replacements;
@@ -536,11 +536,11 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
   if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
     return true;
 
-  // Check whether our context is using ForceTLS.
-  if (!context_->force_tls_state())
+  // Check whether our context is using Strict-Transport-Security.
+  if (!context_->strict_transport_security_state())
     return true;
 
-  return !context_->force_tls_state()->IsEnabledForHost(
+  return !context_->strict_transport_security_state()->IsEnabledForHost(
       request_info_.url.host());
 }
 
@@ -568,7 +568,7 @@ void URLRequestHttpJob::NotifyHeadersComplete() {
     }
   }
 
-  ProcessForceTLSHeader();
+  ProcessStrictTransportSecurityHeader();
 
   if (SdchManager::Global() &&
       SdchManager::Global()->IsInSupportedDomain(request_->url())) {
@@ -741,29 +741,31 @@ void URLRequestHttpJob::FetchResponseCookies() {
 }
 
 
-void URLRequestHttpJob::ProcessForceTLSHeader() {
+void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
   DCHECK(response_info_);
 
   // Hide processing behind a command line flag.
   if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
     return;
 
-  // Only process X-Force-TLS from HTTPS responses.
+  // Only process Strict-Transport-Security from HTTPS responses.
   if (request_info_.url.scheme() != "https")
     return;
 
-  // Only process X-Force-TLS from responses with valid certificates.
+  // Only process Strict-Transport-Security from responses with valid certificates.
   if (response_info_->ssl_info.cert_status & net::CERT_STATUS_ALL_ERRORS)
     return;
 
   URLRequestContext* ctx = request_->context();
-  if (!ctx || !ctx->force_tls_state())
+  if (!ctx || !ctx->strict_transport_security_state())
     return;
 
-  std::string name = "X-Force-TLS";
+  std::string name = "Strict-Transport-Security";
   std::string value;
 
   void* iter = NULL;
-  while (response_info_->headers->EnumerateHeader(&iter, name, &value))
-    ctx->force_tls_state()->DidReceiveHeader(request_info_.url, value);
+  while (response_info_->headers->EnumerateHeader(&iter, name, &value)) {
+    ctx->strict_transport_security_state()->DidReceiveHeader(
+        request_info_.url, value);
+  }
 }
diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h
index 48c155d..a74d398 100644
--- a/net/url_request/url_request_http_job.h
+++ b/net/url_request/url_request_http_job.h
@@ -74,8 +74,8 @@ class URLRequestHttpJob : public URLRequestJob {
   std::string AssembleRequestCookies();
   void FetchResponseCookies();
 
-  // Process the X-Force-TLS header, if one exists.
-  void ProcessForceTLSHeader();
+  // Process the Strict-Transport-Security header, if one exists.
+  void ProcessStrictTransportSecurityHeader();
 
   void OnStartCompleted(int result);
   void OnReadCompleted(int result);