commit | 7b70d593c20676a7b2656684416a1be1f50a167a | [log] [tgz] |
---|---|---|
author | lgarron <lgarron@chromium.org> | Tue May 12 02:05:04 2015 |
committer | Commit bot <commit-bot@chromium.org> | Tue May 12 02:05:15 2015 |
tree | 74533cd9c346b6724ea521976ffab63781c1d1f2 | |
parent | 0d4b2884a58526ee74fb9b060488cd6fc31c50f3 [diff] |
Switch //chrome functions to use SchemeIsCryptographic() instead of SchemeIsSecure(). palmer@ recently introduced SchemeIsCryptographic() and IsOriginSecure(), which are meant to replace SchemeIsSecure(). IsOriginSecure() roughly means "do we trust this content not to be tampered with before it reaches the user?" [1] This is a higher-level definition that corresponds to the new "privileged contexts" spec. [2] SchemeIsCryptographic() [3] is close to the old definition of SchemeIsSecure(), and literally just checks if the scheme is a cryptographic scheme (HTTPS or WSS as of right now). The difference is that SchemeIsCryptographic() will not consider filesystem URLs secure. [1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866 [2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/ [3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666 BUG=362214 Review URL: https://codereview.chromium.org/1131493004 Cr-Commit-Position: refs/heads/master@{#329313}