Preload HSTS for the .foo gTLD.

This CL also adds unit tests for .foo preloading and updates two tests
that were using http://foo as a test URL.

There are still other places in the code that use http[s]://foo as a test
domain. If this change causes issues for them down the line, they should be
changed to use foo.test or another domain under a test TLD:
https://tools.ietf.org/html/rfc2606#section-2

BUG=b/65158868 (Google-internal)

Change-Id: I8005a3767677e819b8df898ccc073cf1db523d60
Reviewed-on: https://chromium-review.googlesource.com/669396Reviewed-by: Chris Bentzel <cbentzel@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Reviewed-by: Lucas Garron <lgarron@chromium.org>
Commit-Queue: Lucas Garron <lgarron@chromium.org>
Cr-Commit-Position: refs/heads/master@{#502948}

chrome/browser/io_thread_browsertest.cc

@@ -189,7 +189,7 @@ class IOThreadBrowserTestWithPacFileURL : public IOThreadBrowserTest {
 IN_PROC_BROWSER_TEST_F(IOThreadBrowserTestWithPacFileURL, FilePac) {
   TestURLFetcherDelegate fetcher_delegate;
   std::unique_ptr<net::URLFetcher> fetcher =
-      net::URLFetcher::Create(GURL("http://foo:12345/echoheader?Foo"),
+      net::URLFetcher::Create(GURL("http://foo.test:12345/echoheader?Foo"),
                               net::URLFetcher::GET, &fetcher_delegate);
   fetcher->AddExtraRequestHeader("Foo: Bar");
   fetcher->SetRequestContext(

components/data_reduction_proxy/core/browser/data_reduction_proxy_interceptor_unittest.cc

@@ -173,9 +173,9 @@ TEST_F(DataReductionProxyInterceptorTest, MAYBE_TestJobFactoryChaining) {
   Init(std::move(factory1));
 
   net::TestDelegate d;
-  std::unique_ptr<net::URLRequest> req(
-      default_context_->CreateRequest(GURL("http://foo"), net::DEFAULT_PRIORITY,
-                                      &d, TRAFFIC_ANNOTATION_FOR_TESTS));
+  std::unique_ptr<net::URLRequest> req(default_context_->CreateRequest(
+      GURL("http://foo.test"), net::DEFAULT_PRIORITY, &d,
+      TRAFFIC_ANNOTATION_FOR_TESTS));
 
   req->Start();
   base::RunLoop().Run();

net/http/transport_security_state_static.json

@@ -248,6 +248,7 @@
     // but other gTLDs and eTLDs are welcome to preload if they are interested.
     { "name": "google", "include_subdomains": true, "mode": "force-https", "pins": "google" },
     { "name": "dev", "include_subdomains": true, "mode": "force-https" },
+    { "name": "foo", "include_subdomains": true, "mode": "force-https" },
 
     // Google domains using Expect-CT.
     { "name": "mail.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" },

net/http/transport_security_state_unittest.cc

@@ -917,6 +917,7 @@ TEST_F(TransportSecurityStateTest, IsPreloaded) {
   const std::string aypal = "aypal.com";
   const std::string google = "google";
   const std::string www_google = "www.google";
+  const std::string foo = "foo";
 
   TransportSecurityState state;
   TransportSecurityState::STSState sts_state;
@@ -927,6 +928,7 @@ TEST_F(TransportSecurityStateTest, IsPreloaded) {
   EXPECT_FALSE(sts_state.include_subdomains);
   EXPECT_TRUE(GetStaticDomainState(&state, google, &sts_state, &pkp_state));
   EXPECT_TRUE(GetStaticDomainState(&state, www_google, &sts_state, &pkp_state));
+  EXPECT_TRUE(GetStaticDomainState(&state, foo, &sts_state, &pkp_state));
   EXPECT_FALSE(
       GetStaticDomainState(&state, a_www_paypal, &sts_state, &pkp_state));
   EXPECT_FALSE(
@@ -1033,6 +1035,8 @@ TEST_F(TransportSecurityStateTest, Preloaded) {
   EXPECT_TRUE(StaticShouldRedirect("ssl.google-analytics.com"));
   EXPECT_TRUE(StaticShouldRedirect("google"));
   EXPECT_TRUE(StaticShouldRedirect("foo.google"));
+  EXPECT_TRUE(StaticShouldRedirect("foo"));
+  EXPECT_TRUE(StaticShouldRedirect("domaintest.foo"));
   EXPECT_TRUE(StaticShouldRedirect("gmail.com"));
   EXPECT_TRUE(StaticShouldRedirect("www.gmail.com"));
   EXPECT_TRUE(StaticShouldRedirect("googlemail.com"));