Treat `http://localhost` as potentially secure during navigation.

We should have removed this code when we landed https://chromium-review.googlesource.com/c/chromium/src/+/598068/. Bug: 691930 Change-Id: I018f284eb3f78ff6b7c0d042c704a84385fb754a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2002584Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#732772}

Treat `http://localhost` as potentially secure during navigation.
We should have removed this code when we landed https://chromium-review.googlesource.com/c/chromium/src/+/598068/. Bug: 691930 Change-Id: I018f284eb3f78ff6b7c0d042c704a84385fb754a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2002584Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#732772}
12be943e · Mike West · Commit Bot · c7ce835a · 12be943e · 12be943e
Commit 12be943e authored Jan 17, 2020 by Mike West Committed by Commit Bot Jan 17, 2020
3 changed files
--- a/content/browser/frame_host/mixed_content_navigation_throttle.cc
+++ b/content/browser/frame_host/mixed_content_navigation_throttle.cc
@@ -46,20 +46,9 @@ bool ShouldTreatURLSchemeAsCorsEnabled(const GURL& url) {
 bool IsUrlPotentiallySecure(const GURL& url) {
  // blob: and filesystem: URLs never hit the network, and access is restricted
  // to same-origin contexts, so they are not blocked.
-  bool is_secure = url.SchemeIs(url::kBlobScheme) ||
-                   url.SchemeIs(url::kFileSystemScheme) ||
-                   IsOriginSecure(url) ||
-                   IsPotentiallyTrustworthyOrigin(url::Origin::Create(url));
-
-  // TODO(mkwst): Remove this once the following draft is implemented:
-  // https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-03. See:
-  // https://crbug.com/691930.
-  if (is_secure && url.SchemeIs(url::kHttpScheme) &&
-      net::IsLocalHostname(url.HostNoBracketsPiece(), nullptr)) {
-    is_secure = false;
-  }
-
-  return is_secure;
+  return url.SchemeIs(url::kBlobScheme) ||
+         url.SchemeIs(url::kFileSystemScheme) || IsOriginSecure(url) ||
+         IsPotentiallyTrustworthyOrigin(url::Origin::Create(url));
 }

 // This method should return the same results as

--- a/content/browser/frame_host/mixed_content_navigation_throttle_unittest.cc
+++ b/content/browser/frame_host/mixed_content_navigation_throttle_unittest.cc
@@ -26,21 +26,22 @@ TEST(MixedContentNavigationThrottleTest, IsMixedContent) {
      {"https://example.com/foo", "https://example.com/foo", false},
      {"https://example.com/foo", "wss://example.com/foo", false},
      {"https://example.com/foo", "data:text/html,<p>Hi!</p>", false},
-      {"https://example.com/foo", "http://127.0.0.1/", false},
-      {"https://example.com/foo", "http://[::1]/", false},
      {"https://example.com/foo", "blob:https://example.com/foo", false},
      {"https://example.com/foo", "blob:http://example.com/foo", false},
      {"https://example.com/foo", "blob:null/foo", false},
      {"https://example.com/foo", "filesystem:https://example.com/foo", false},
      {"https://example.com/foo", "filesystem:http://example.com/foo", false},
      {"https://example.com/foo", "filesystem:null/foo", false},
+      {"https://example.com/foo", "http://127.0.0.1/", false},
+      {"https://example.com/foo", "http://[::1]/", false},
+      {"https://example.com/foo", "http://a.localhost/", false},
+      {"https://example.com/foo", "http://localhost/", false},

      {"https://example.com/foo", "http://example.com/foo", true},
      {"https://example.com/foo", "http://google.com/foo", true},
      {"https://example.com/foo", "ws://example.com/foo", true},
      {"https://example.com/foo", "ws://google.com/foo", true},
      {"https://example.com/foo", "http://192.168.1.1/", true},
-      {"https://example.com/foo", "http://localhost/", true},
  };

  for (const auto& test : cases) {

--- a/third_party/blink/renderer/core/loader/mixed_content_checker_test.cc
+++ b/third_party/blink/renderer/core/loader/mixed_content_checker_test.cc
@@ -40,15 +40,15 @@ TEST(MixedContentCheckerTest, IsMixedContent) {
      {"https://example.com/foo", "https://example.com/foo", false},
      {"https://example.com/foo", "wss://example.com/foo", false},
      {"https://example.com/foo", "data:text/html,<p>Hi!</p>", false},
-      {"https://example.com/foo", "http://127.0.0.1/", false},
-      {"https://example.com/foo", "http://[::1]/", false},
      {"https://example.com/foo", "blob:https://example.com/foo", false},
      {"https://example.com/foo", "blob:http://example.com/foo", false},
      {"https://example.com/foo", "blob:null/foo", false},
      {"https://example.com/foo", "filesystem:https://example.com/foo", false},
      {"https://example.com/foo", "filesystem:http://example.com/foo", false},
-      {"https://example.com/foo", "http://localhost/", false},
+      {"https://example.com/foo", "http://127.0.0.1/", false},
+      {"https://example.com/foo", "http://[::1]/", false},
      {"https://example.com/foo", "http://a.localhost/", false},
+      {"https://example.com/foo", "http://localhost/", false},

      {"https://example.com/foo", "http://example.com/foo", true},
      {"https://example.com/foo", "http://google.com/foo", true},