commit c3efc57462238dc0a5de6e7857f6af6e4459ce6f
author lgarron <lgarron@chromium.org> Tue May 12 03:49:36 2015
committer Commit bot <commit-bot@chromium.org> Tue May 12 03:49:55 2015
tree a97203e341ee71ec5f88fac50469de93873625c3
parent 4872ba41d2be74386a21897636c7d64a698cc97b

Switch //chrome/browser code to use IsOriginSecure() instead of SchemeIsSecure().

We recently introduced SchemeIsCryptographic() and IsOriginSecure(),
which are meant to replace SchemeIsSecure().

IsOriginSecure() roughly means "do we trust this content not to be
tampered with before it reaches the user?" [1] This is a higher-level
definition that corresponds to the new "privileged contexts" spec. [2]

SchemeIsCryptographic() [3] is close to the old definition of
SchemeIsSecure(), and literally just checks if the scheme is a
cryptographic scheme (HTTPS or WSS as of right now). The difference is
that SchemeIsCryptographic() will not consider filesystem URLs secure.

[1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866
[2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/
[3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666

BUG=362214

Review URL: https://codereview.chromium.org/1131993005

Cr-Commit-Position: refs/heads/master@{#329344}