authorabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-05 14:21:09 +0000
committerabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-05 14:21:09 +0000
commit77f6fb43d125edea5fe8b76d663de95098baf1de (patch)
tree3d0edff4af0ca2e5aea5b4520cf31526b249036e /net
parent78d4c52c925f79756e5c1cc8ae1095cdf61f3745 (diff)
Rename X-Force-TLS to Strict-Transport-Security.
Also, remove StrictTransportSecurity code from SSLPolicy because that code doesn't work. R=agl Review URL: http://codereview.chromium.org/198035 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25577 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/base/strict_transport_security_state.cc (renamed from net/base/force_tls_state.cc)30
-rw-r--r--net/base/strict_transport_security_state.h (renamed from net/base/force_tls_state.h)32
-rw-r--r--net/base/strict_transport_security_state_unittest.cc (renamed from net/base/force_tls_state_unittest.cc)84
-rw-r--r--net/net.gyp6
-rw-r--r--net/url_request/url_request_context.h9
-rw-r--r--net/url_request/url_request_http_job.cc30
-rw-r--r--net/url_request/url_request_http_job.h4
7 files changed, 101 insertions, 94 deletions
diff --git a/net/base/force_tls_state.cc b/net/base/strict_transport_security_state.cc
index eca45a7..58f9f25 100644
--- a/net/base/force_tls_state.cc
+++ b/net/base/strict_transport_security_state.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "net/base/force_tls_state.h"
+#include "net/base/strict_transport_security_state.h"
#include "base/json_reader.h"
#include "base/json_writer.h"
@@ -16,12 +16,12 @@
namespace net {
-ForceTLSState::ForceTLSState()
+StrictTransportSecurityState::StrictTransportSecurityState()
: delegate_(NULL) {
}
-void ForceTLSState::DidReceiveHeader(const GURL& url,
- const std::string& value) {
+void StrictTransportSecurityState::DidReceiveHeader(const GURL& url,
+ const std::string& value) {
int max_age;
bool include_subdomains;
@@ -35,8 +35,9 @@ void ForceTLSState::DidReceiveHeader(const GURL& url,
EnableHost(url.host(), expiry, include_subdomains);
}
-void ForceTLSState::EnableHost(const std::string& host, base::Time expiry,
- bool include_subdomains) {
+void StrictTransportSecurityState::EnableHost(const std::string& host,
+ base::Time expiry,
+ bool include_subdomains) {
// TODO(abarth): Canonicalize host.
AutoLock lock(lock_);
@@ -45,7 +46,7 @@ void ForceTLSState::EnableHost(const std::string& host, base::Time expiry,
DirtyNotify();
}
-bool ForceTLSState::IsEnabledForHost(const std::string& host) {
+bool StrictTransportSecurityState::IsEnabledForHost(const std::string& host) {
// TODO(abarth): Canonicalize host.
// TODO: check for subdomains too.
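Review bot: IsEnabledForHost keeps both TODOs under the new name: the host is not canonicalized and subdomains are not checked, so the `include_subdomains` flag that EnableHost accepts appears to have no effect on lookups. A lookup that misses leaves the request on plain HTTP, so both gaps fail open rather than closed. Until they are resolved I would state the limitation next to the TODOs, e.g. `// NOTE: exact-match lookup only; includeSubDomains is recorded but not yet enforced.` The function body continues outside this hunk, so this reading rests on the TODO text rather than on the lookup code itself.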
@@ -66,9 +67,9 @@ bool ForceTLSState::IsEnabledForHost(const std::string& host) {
// "X-Force-TLS" ":" "max-age" "=" delta-seconds *1INCLUDESUBDOMAINS
// INCLUDESUBDOMAINS = [ " includeSubDomains" ]
-bool ForceTLSState::ParseHeader(const std::string& value,
- int* max_age,
- bool* include_subdomains) {
+bool StrictTransportSecurityState::ParseHeader(const std::string& value,
+ int* max_age,
+ bool* include_subdomains) {
DCHECK(max_age);
DCHECK(include_subdomains);
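Review bot: The grammar comment above ParseHeader still names `"X-Force-TLS"`, although the HTTP job now looks the header up as `Strict-Transport-Security`. The same stale name remains in strict_transport_security_state.h, in the comments on DidReceiveHeader and ParseHeader. I would update all three, e.g. `// "Strict-Transport-Security" ":" "max-age" "=" delta-seconds *1INCLUDESUBDOMAINS`. It is also worth confirming that this space-separated grammar is what the Strict-Transport-Security specification defines, because the unit tests expect `max-age=3488923;` to be rejected and a rejected header leaves the host without protection. ParseHeader's body lies outside this hunk.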
@@ -161,13 +162,14 @@ bool ForceTLSState::ParseHeader(const std::string& value,
}
}
-void ForceTLSState::SetDelegate(ForceTLSState::Delegate* delegate) {
+void StrictTransportSecurityState::SetDelegate(
+ StrictTransportSecurityState::Delegate* delegate) {
AutoLock lock(lock_);
delegate_ = delegate;
}
-bool ForceTLSState::Serialise(std::string* output) {
+bool StrictTransportSecurityState::Serialise(std::string* output) {
AutoLock lock(lock_);
DictionaryValue toplevel;
@@ -184,7 +186,7 @@ bool ForceTLSState::Serialise(std::string* output) {
return true;
}
-bool ForceTLSState::Deserialise(const std::string& input) {
+bool StrictTransportSecurityState::Deserialise(const std::string& input) {
AutoLock lock(lock_);
enabled_hosts_.clear();
@@ -223,7 +225,7 @@ bool ForceTLSState::Deserialise(const std::string& input) {
return enabled_hosts_.size() > 0;
}
-void ForceTLSState::DirtyNotify() {
+void StrictTransportSecurityState::DirtyNotify() {
if (delegate_)
delegate_->StateIsDirty(this);
}
diff --git a/net/base/force_tls_state.h b/net/base/strict_transport_security_state.h
index 068d73c..b41be1e 100644
--- a/net/base/force_tls_state.h
+++ b/net/base/strict_transport_security_state.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef NET_BASE_FORCE_TLS_STATE_H_
-#define NET_BASE_FORCE_TLS_STATE_H_
+#ifndef NET_BASE_STRICT_TRANSPORT_SECURITY_STATE_H_
+#define NET_BASE_STRICT_TRANSPORT_SECURITY_STATE_H_
#include <map>
#include <string>
@@ -17,25 +17,27 @@ class GURL;
namespace net {
-// ForceTLSState
+// StrictTransportSecurityState
//
-// Tracks which hosts have enabled ForceTLS. After a host enables ForceTLS,
-// then we refuse to talk to the host over HTTP, treat all certificate errors as
-// fatal, and refuse to load any mixed content.
+// Tracks which hosts have enabled StrictTransportSecurityState. After a host
+// enables StrictTransportSecurityState, then we refuse to talk to the host
+// over HTTP, treat all certificate errors as fatal, and refuse to load any
+// mixed content.
//
-class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> {
+class StrictTransportSecurityState :
+ public base::RefCountedThreadSafe<StrictTransportSecurityState> {
public:
- ForceTLSState();
+ StrictTransportSecurityState();
// Called when we see an X-Force-TLS header that we should process. Modifies
// our state as instructed by the header.
void DidReceiveHeader(const GURL& url, const std::string& value);
- // Enable ForceTLS for |host|.
+ // Enable StrictTransportSecurity for |host|.
void EnableHost(const std::string& host, base::Time expiry,
bool include_subdomains);
- // Returns whether |host| has had ForceTLS enabled.
+ // Returns whether |host| has had StrictTransportSecurity enabled.
bool IsEnabledForHost(const std::string& host);
// Returns |true| if |value| parses as a valid X-Force-TLS header value.
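Review bot: The class comment now reads "hosts have enabled StrictTransportSecurityState", which names the C++ class where the feature is meant; the mechanical rename went one step too far. I would write `// Tracks which hosts have enabled Strict-Transport-Security. After a host` followed by `// enables it, we refuse to talk to the host over HTTP, treat all certificate`. The method comments further down already use the shorter feature name, so this would also make the header consistent with itself.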
@@ -54,8 +56,8 @@ class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> {
class Delegate {
public:
// This function may not block and may be called with internal locks held.
- // Thus it must not reenter the ForceTLSState object.
- virtual void StateIsDirty(ForceTLSState* state) = 0;
+ // Thus it must not reenter the StrictTransportSecurityState object.
+ virtual void StateIsDirty(StrictTransportSecurityState* state) = 0;
};
void SetDelegate(Delegate*);
@@ -68,7 +70,7 @@ class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> {
// our state is dirty.
void DirtyNotify();
- // The set of hosts that have enabled ForceTLS.
+ // The set of hosts that have enabled StrictTransportSecurity.
std::map<std::string, State> enabled_hosts_;
// Protect access to our data members with this lock.
@@ -77,9 +79,9 @@ class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> {
// Our delegate who gets notified when we are dirtied, or NULL.
Delegate* delegate_;
- DISALLOW_COPY_AND_ASSIGN(ForceTLSState);
+ DISALLOW_COPY_AND_ASSIGN(StrictTransportSecurityState);
};
} // namespace net
-#endif // NET_BASE_FORCE_TLS_STATE_H_
+#endif // NET_BASE_STRICT_TRANSPORT_SECURITY_STATE_H_
diff --git a/net/base/force_tls_state_unittest.cc b/net/base/strict_transport_security_state_unittest.cc
index c1f12c1..34ef7ae 100644
--- a/net/base/force_tls_state_unittest.cc
+++ b/net/base/strict_transport_security_state_unittest.cc
@@ -2,117 +2,117 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "net/base/force_tls_state.h"
+#include "net/base/strict_transport_security_state.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace {
-class ForceTLSStateTest : public testing::Test {
+class StrictTransportSecurityStateTest : public testing::Test {
};
-TEST_F(ForceTLSStateTest, BogusHeaders) {
+TEST_F(StrictTransportSecurityStateTest, BogusHeaders) {
int max_age = 42;
bool include_subdomains = false;
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" ", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"abc", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" abc", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" abc ", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age ", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age=", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age =", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age= ", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age = ", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age = xy", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
" max-age = 3488a923", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488a923 ", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-ag=3488923", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-aged=3488923", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age==3488923", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"amax-age=3488923", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=-3488923", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923;", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 e", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomain", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923includesubdomains", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923=includesubdomains", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomainx", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomain=", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomain=true", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomainsx", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
- EXPECT_FALSE(net::ForceTLSState::ParseHeader(
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 42);
EXPECT_FALSE(include_subdomains);
}
-TEST_F(ForceTLSStateTest, ValidHeaders) {
+TEST_F(StrictTransportSecurityStateTest, ValidHeaders) {
int max_age = 42;
bool include_subdomains = true;
- EXPECT_TRUE(net::ForceTLSState::ParseHeader(
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
"max-age=243", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 243);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(net::ForceTLSState::ParseHeader(
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
" Max-agE = 567", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 567);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(net::ForceTLSState::ParseHeader(
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
" mAx-aGe = 890 ", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 890);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(net::ForceTLSState::ParseHeader(
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
"max-age=123 incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 123);
EXPECT_TRUE(include_subdomains);
- EXPECT_TRUE(net::ForceTLSState::ParseHeader(
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
"max-age=394082038 incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 394082038);
EXPECT_TRUE(include_subdomains);
- EXPECT_TRUE(net::ForceTLSState::ParseHeader(
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
" max-age=0 incLudesUbdOmains ", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 0);
EXPECT_TRUE(include_subdomains);
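Review bot: The ValidHeaders cases stop at `max-age=394082038`, so nothing pins what ParseHeader does when delta-seconds does not fit in the `int` it writes through `max_age`. The value arrives from the network and feeds the expiry time, so I would add a case with an out-of-range value (for example `"max-age=99999999999"`) and assert the intended outcome, whether that is rejection or clamping. The end of ValidHeaders is outside this hunk.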
diff --git a/net/net.gyp b/net/net.gyp
index e8c3a063..fb48e11 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -63,8 +63,6 @@
'base/file_stream_win.cc',
'base/filter.cc',
'base/filter.h',
- 'base/force_tls_state.cc',
- 'base/force_tls_state.h',
'base/gzip_filter.cc',
'base/gzip_filter.h',
'base/gzip_header.cc',
@@ -127,6 +125,8 @@
'base/ssl_config_service_win.cc',
'base/ssl_config_service_win.h',
'base/ssl_info.h',
+ 'base/strict_transport_security_state.cc',
+ 'base/strict_transport_security_state.h',
'base/telnet_server.cc',
'base/telnet_server.h',
'base/test_completion_callback.h',
@@ -454,7 +454,6 @@
'base/file_stream_unittest.cc',
'base/filter_unittest.cc',
'base/filter_unittest.h',
- 'base/force_tls_state_unittest.cc',
'base/gzip_filter_unittest.cc',
'base/host_cache_unittest.cc',
'base/host_resolver_impl_unittest.cc',
@@ -471,6 +470,7 @@
'base/sdch_filter_unittest.cc',
'base/ssl_client_auth_cache_unittest.cc',
'base/ssl_config_service_win_unittest.cc',
+ 'base/strict_transport_security_state_unittest.cc',
'base/telnet_server_unittest.cc',
'base/test_completion_callback_unittest.cc',
'base/wininet_util_unittest.cc',
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index 1c9d1c8..5f852e7 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -20,7 +20,7 @@
#include "net/proxy/proxy_service.h"
namespace net {
-class ForceTLSState;
+class StrictTransportSecurityState;
class FtpTransactionFactory;
class HttpTransactionFactory;
}
@@ -34,7 +34,7 @@ class URLRequestContext :
: http_transaction_factory_(NULL),
ftp_transaction_factory_(NULL),
cookie_store_(NULL),
- force_tls_state_(NULL) {
+ strict_transport_security_state_(NULL) {
}
net::HostResolver* host_resolver() const {
@@ -67,7 +67,8 @@ class URLRequestContext :
// Gets the cookie policy for this context.
net::CookiePolicy* cookie_policy() { return &cookie_policy_; }
- net::ForceTLSState* force_tls_state() { return force_tls_state_; }
+ net::StrictTransportSecurityState* strict_transport_security_state() {
+ return strict_transport_security_state_; }
// Gets the FTP authentication cache for this context.
net::FtpAuthCache* ftp_auth_cache() { return &ftp_auth_cache_; }
@@ -119,7 +120,7 @@ class URLRequestContext :
net::FtpTransactionFactory* ftp_transaction_factory_;
scoped_refptr<net::CookieStore> cookie_store_;
net::CookiePolicy cookie_policy_;
- net::ForceTLSState* force_tls_state_;;
+ net::StrictTransportSecurityState* strict_transport_security_state_;
net::FtpAuthCache ftp_auth_cache_;
std::string accept_language_;
std::string accept_charset_;
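Review bot: `strict_transport_security_state_` is held as a raw pointer even though StrictTransportSecurityState derives from base::RefCountedThreadSafe and the neighbouring `cookie_store_` is a `scoped_refptr`. Unless whoever sets this member is guaranteed to hold a reference for the lifetime of the context, callers of `strict_transport_security_state()` could be handed a dangling pointer. Consider `scoped_refptr<net::StrictTransportSecurityState> strict_transport_security_state_;`, which would need the full class definition wherever the context is destroyed. Otherwise, document the ownership rule on the member. The class body extends outside this hunk, so the code that assigns the pointer is not visible here.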
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index bd33720..71eee28 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -14,7 +14,7 @@
#include "base/string_util.h"
#include "net/base/cert_status_flags.h"
#include "net/base/filter.h"
-#include "net/base/force_tls_state.h"
+#include "net/base/strict_transport_security_state.h"
#include "net/base/load_flags.h"
#include "net/base/net_errors.h"
#include "net/base/net_util.h"
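Review bot: The renamed include is no longer in alphabetical order, because `net/base/strict_transport_security_state.h` now sits between `net/base/filter.h` and `net/base/load_flags.h`. Move it to its sorted position further down the `net/base/` group, as this commit already does for the matching entries in net.gyp. The include list continues outside this hunk, so the exact neighbour cannot be named from here.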
@@ -55,8 +55,8 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
static const bool kForceHTTPS =
CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS);
if (kForceHTTPS && scheme == "http" &&
- request->context()->force_tls_state() &&
- request->context()->force_tls_state()->IsEnabledForHost(
+ request->context()->strict_transport_security_state() &&
+ request->context()->strict_transport_security_state()->IsEnabledForHost(
request->url().host())) {
DCHECK_EQ(request->url().scheme(), "http");
url_canon::Replacements<char> replacements;
@@ -536,11 +536,11 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
return true;
- // Check whether our context is using ForceTLS.
- if (!context_->force_tls_state())
+ // Check whether our context is using Strict-Transport-Security.
+ if (!context_->strict_transport_security_state())
return true;
- return !context_->force_tls_state()->IsEnabledForHost(
+ return !context_->strict_transport_security_state()->IsEnabledForHost(
request_info_.url.host());
}
@@ -568,7 +568,7 @@ void URLRequestHttpJob::NotifyHeadersComplete() {
}
}
- ProcessForceTLSHeader();
+ ProcessStrictTransportSecurityHeader();
if (SdchManager::Global() &&
SdchManager::Global()->IsInSupportedDomain(request_->url())) {
@@ -741,29 +741,31 @@ void URLRequestHttpJob::FetchResponseCookies() {
}
-void URLRequestHttpJob::ProcessForceTLSHeader() {
+void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
DCHECK(response_info_);
// Hide processing behind a command line flag.
if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
return;
- // Only process X-Force-TLS from HTTPS responses.
+ // Only process Strict-Transport-Security from HTTPS responses.
if (request_info_.url.scheme() != "https")
return;
- // Only process X-Force-TLS from responses with valid certificates.
+ // Only process Strict-Transport-Security from responses with valid certificates.
if (response_info_->ssl_info.cert_status & net::CERT_STATUS_ALL_ERRORS)
return;
URLRequestContext* ctx = request_->context();
- if (!ctx || !ctx->force_tls_state())
+ if (!ctx || !ctx->strict_transport_security_state())
return;
- std::string name = "X-Force-TLS";
+ std::string name = "Strict-Transport-Security";
std::string value;
void* iter = NULL;
- while (response_info_->headers->EnumerateHeader(&iter, name, &value))
- ctx->force_tls_state()->DidReceiveHeader(request_info_.url, value);
+ while (response_info_->headers->EnumerateHeader(&iter, name, &value)) {
+ ctx->strict_transport_security_state()->DidReceiveHeader(
+ request_info_.url, value);
+ }
}
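Review bot: The loop calls DidReceiveHeader once for every `Strict-Transport-Security` field in the response, so when several are present the one enumerated last decides the stored policy (assuming EnableHost overwrites the existing entry, which is not visible here). I would decide which instance is authoritative and enforce it, for example by honouring only the first field with a `break;` after the call, and record that choice in a comment. Separately, the comment `// Only process Strict-Transport-Security from responses with valid certificates.` now exceeds 80 columns and should be wrapped.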
diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h
index 48c155d..a74d398 100644
--- a/net/url_request/url_request_http_job.h
+++ b/net/url_request/url_request_http_job.h
@@ -74,8 +74,8 @@ class URLRequestHttpJob : public URLRequestJob {
std::string AssembleRequestCookies();
void FetchResponseCookies();
- // Process the X-Force-TLS header, if one exists.
- void ProcessForceTLSHeader();
+ // Process the Strict-Transport-Security header, if one exists.
+ void ProcessStrictTransportSecurityHeader();
void OnStartCompleted(int result);
void OnReadCompleted(int result);