From 92725553228681b9b7a8fd9a9e9f324d32c12018 Mon Sep 17 00:00:00 2001 From: lgarron Date: Mon, 11 May 2015 19:03:15 -0700 Subject: Switch remaining functions from SchemeIsSecure() to SchemeIsCryptographic(). We recently introduced SchemeIsCryptographic() and IsOriginSecure(), which are meant to replace SchemeIsSecure(). IsOriginSecure() roughly means "do we trust this content not to be tampered with before it reaches the user?" [1] This is a higher-level definition that corresponds to the new "privileged contexts" spec. [2] SchemeIsCryptographic() [3] is close to the old definition of SchemeIsSecure(), and literally just checks if the scheme is a cryptographic scheme (HTTPS or WSS as of right now). The difference is that SchemeIsCryptographic() will not consider filesystem URLs secure. IsOriginSecure() should be correct for most Fizz code. [1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866 [2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/ [3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666 BUG=362214 Review URL: https://codereview.chromium.org/1136643004 Cr-Commit-Position: refs/heads/master@{#329310} --- third_party/libaddressinput/chromium/chrome_metadata_source.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'third_party') diff --git a/third_party/libaddressinput/chromium/chrome_metadata_source.cc b/third_party/libaddressinput/chromium/chrome_metadata_source.cc index 7ef9b29..702ea5c 100644 --- a/third_party/libaddressinput/chromium/chrome_metadata_source.cc +++ b/third_party/libaddressinput/chromium/chrome_metadata_source.cc @@ -88,7 +88,7 @@ ChromeMetadataSource::Request::Request(const std::string& key, void ChromeMetadataSource::Download(const std::string& key, const Callback& downloaded) { GURL resource(validation_data_url_ + key); - if (!resource.SchemeIsSecure()) { + if (!resource.SchemeIsCryptographic()) { downloaded(false, key, NULL); return; } -- cgit v1.1