Revert of Block port 443 for all protocols other than HTTPS or WSS. (patchset #7 id:120001 of https://codereview.chromium.org/770343003/)
Reason for revert:
Unfortunately, this fix didn't do enough to mitigate the original problem (it's easy to tell if a site has been visited).
It's also incomplete on its own (i.e. it needs further changes to prevent the HSTS redirect).
See https://crbug.com/436451#c30
Original issue's description:
> Block port 443 for all protocols other than HTTPS or WSS.
>
> This addresses the history leak (on non-preloaded HSTS sites) from https://crbug.com/436451:
>
> "If we ask Chrome to load http://example.com:443, it will definitely fail, because Chrome will make plain-text HTTP request to port 443 of the server. However, if example.com is a Known HSTS Host of Chrome (meaning either the user has visited https://example.com before, or it is on the HSTS preload list), it will send request to https://example.com:443, and the request will succeed. We can use JavaScript to differentiate the two cases, since in the first case, onerror event is triggered, while in the second case, onload event is triggered.
>
> Therefore, a malicious website can include well-chosen cross-domain images and use this trick to brute-force a list of domains that users have visited. Note that the list could only contain HSTS-enabled but not preloaded websites."
>
> BUG=436451
>
> Committed: https://crrev.com/b6cf19c7b9dd536405c3c4f80876411733c9d5a5
> Cr-Commit-Position: refs/heads/master@{#306959}
TBR=davidben@chromium.org,phistuck@gmail.com,mmenke@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=436451
Review URL: https://codereview.chromium.org/780943003
Cr-Commit-Position: refs/heads/master@{#307340}
4 files changed
