Enable mixed form warnings by default in code

Enable AutofillPreventMixedFormsFilling and InsecureFormSubmissionInterstitial in preparation for 100% launch. Bug: 1105210 Change-Id: Id6d4325ee8d0fb27f109b45d3654c56e5d653688 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2583141 Commit-Queue: Dominic Battré <battre@chromium.org> Auto-Submit: Carlos IL <carlosil@chromium.org> Reviewed-by: Dominic Battré <battre@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Cr-Commit-Position: refs/heads/master@{#836057}

Enable mixed form warnings by default in code
Enable AutofillPreventMixedFormsFilling and InsecureFormSubmissionInterstitial in preparation for 100% launch. Bug: 1105210 Change-Id: Id6d4325ee8d0fb27f109b45d3654c56e5d653688 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2583141 Commit-Queue: Dominic Battré <battre@chromium.org> Auto-Submit: Carlos IL <carlosil@chromium.org> Reviewed-by: Dominic Battré <battre@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Cr-Commit-Position: refs/heads/master@{#836057}
27a7fe02 · Carlos IL · Chromium LUCI CQ · dc8b3fc1 · 27a7fe02 · 27a7fe02
Commit 27a7fe02 authored Dec 11, 2020 by Carlos IL Committed by Chromium LUCI CQ Dec 11, 2020
5 changed files
--- a/components/autofill/core/browser/autofill_manager_unittest.cc
+++ b/components/autofill/core/browser/autofill_manager_unittest.cc
--- a/components/autofill/core/browser/autofill_metrics_unittest.cc
+++ b/components/autofill/core/browser/autofill_metrics_unittest.cc
@@ -66,6 +66,7 @@
 #include "testing/gtest/include/gtest/gtest.h"
 #include "ui/gfx/geometry/rect.h"
 #include "url/gurl.h"
+#include "url/url_canon.h"

 #if !defined(OS_IOS)
 #include "components/autofill/core/browser/payments/test_credit_card_fido_authenticator.h"
@@ -3962,8 +3963,8 @@ TEST_F(AutofillMetricsTest, AddressSuggestionsCount) {
  FormData form;
  form.unique_renderer_id = MakeFormRendererId();
  form.name = ASCIIToUTF16("TestForm");
-  form.url = GURL("http://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  form.url = GURL("https://example.com/form.html");
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin = url::Origin::Create(autofill_client_.form_origin());

  FormFieldData field;
@@ -4035,8 +4036,8 @@ TEST_F(AutofillMetricsTest, CompanyNameSuggestions) {
  FormData form;
  form.unique_renderer_id = MakeFormRendererId();
  form.name = ASCIIToUTF16("TestForm");
-  form.url = GURL("http://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  form.url = GURL("https://example.com/form.html");
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin = url::Origin::Create(autofill_client_.form_origin());

  FormFieldData field;
@@ -4076,8 +4077,8 @@ TEST_F(AutofillMetricsTest, CreditCardCheckoutFlowUserActions) {
  FormData form;
  form.unique_renderer_id = MakeFormRendererId();
  form.name = ASCIIToUTF16("TestForm");
-  form.url = GURL("http://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  form.url = GURL("https://example.com/form.html");
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin = url::Origin::Create(autofill_client_.form_origin());

  FormFieldData field;
@@ -4294,8 +4295,8 @@ TEST_F(AutofillMetricsTest, ProfileCheckoutFlowUserActions) {
  FormData form;
  form.unique_renderer_id = MakeFormRendererId();
  form.name = ASCIIToUTF16("TestForm");
-  form.url = GURL("http://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  form.url = GURL("https://example.com/form.html");
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin = url::Origin::Create(autofill_client_.form_origin());

  FormFieldData field;
@@ -4518,6 +4519,15 @@ TEST_F(AutofillMetricsTest, QueriedCreditCardFormIsSecure) {
    form.unique_renderer_id = MakeFormRendererId();
    form.url = GURL("http://example.com/form.html");
    form.action = GURL("http://example.com/submit.html");
+    // In order to test that the QueriedCreditCardFormIsSecure is logged as
+    // false, we need to set the main frame origin, otherwise this fill is
+    // skipped due to the form being detected as mixed content.
+    GURL client_form_origin = autofill_client_.form_origin();
+    GURL::Replacements replacements;
+    replacements.SetScheme(url::kHttpScheme,
+                           url::Component(0, strlen(url::kHttpScheme)));
+    autofill_client_.set_form_origin(
+        client_form_origin.ReplaceComponents(replacements));
    form.main_frame_origin =
        url::Origin::Create(autofill_client_.form_origin());
    autofill_manager_->AddSeenForm(form, field_types, field_types);
@@ -4530,6 +4540,8 @@ TEST_F(AutofillMetricsTest, QueriedCreditCardFormIsSecure) {
        /*autoselect_first_suggestion=*/false);
    histogram_tester.ExpectUniqueSample(
        "Autofill.QueriedCreditCardFormIsSecure", false, 1);
+    // Reset the main frame origin to secure for other tests
+    autofill_client_.set_form_origin(client_form_origin);
  }

  {
@@ -4561,8 +4573,8 @@ TEST_F(AutofillMetricsTest, PolledProfileSuggestions_DebounceLogs) {
  FormData form;
  form.unique_renderer_id = MakeFormRendererId();
  form.name = ASCIIToUTF16("TestForm");
-  form.url = GURL("http://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  form.url = GURL("https://example.com/form.html");
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin = url::Origin::Create(autofill_client_.form_origin());

  FormFieldData field;
@@ -6397,8 +6409,8 @@ TEST_F(AutofillMetricsTest, LogServerOfferFormEvents) {
  // Set up our form data.
  FormData form;
  form.name = ASCIIToUTF16("TestForm");
-  form.url = GURL("http://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  form.url = GURL("https://example.com/form.html");
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin = url::Origin::Create(autofill_client_.form_origin());

  FormFieldData field;
@@ -9400,7 +9412,9 @@ TEST_F(AutofillMetricsTest,
  form.unique_renderer_id = MakeFormRendererId();
  form.name = ASCIIToUTF16("TestForm");
  form.url = GURL("https://example.com/form.html");
-  form.action = GURL("http://example.com/submit.html");
+  // Form action needs to be secure on secure page, otherwise this triggers
+  // mixed form warnings and no suggestions are offered.
+  form.action = GURL("https://example.com/submit.html");
  form.main_frame_origin =
      url::Origin::Create(GURL("http://example_root.com/form.html"));


--- a/components/autofill/core/browser/autofill_test_utils.cc
+++ b/components/autofill/core/browser/autofill_test_utils.cc
@@ -176,9 +176,9 @@ void CreateTestAddressFormData(FormData* form,
  form->button_titles = {
      std::make_pair(ASCIIToUTF16("Submit"),
                     mojom::ButtonTitleType::BUTTON_ELEMENT_SUBMIT_TYPE)};
-  form->url = GURL("http://myform.com/form.html");
-  form->full_url = GURL("http://myform.com/form.html?foo=bar");
-  form->action = GURL("http://myform.com/submit.html");
+  form->url = GURL("https://myform.com/form.html");
+  form->full_url = GURL("https://myform.com/form.html?foo=bar");
+  form->action = GURL("https://myform.com/submit.html");
  form->is_action_empty = true;
  form->main_frame_origin =
      url::Origin::Create(GURL("https://myform_root.com/form.html"));
@@ -254,9 +254,9 @@ void CreateTestPersonalInformationFormData(FormData* form,
  form->unique_renderer_id = MakeFormRendererId();
  form->name =
      ASCIIToUTF16("MyForm") + ASCIIToUTF16(unique_id ? unique_id : "");
-  form->url = GURL("http://myform.com/form.html");
-  form->full_url = GURL("http://myform.com/form.html?foo=bar");
-  form->action = GURL("http://myform.com/submit.html");
+  form->url = GURL("https://myform.com/form.html");
+  form->full_url = GURL("https://myform.com/form.html?foo=bar");
+  form->action = GURL("https://myform.com/submit.html");
  form->main_frame_origin =
      url::Origin::Create(GURL("https://myform_root.com/form.html"));

@@ -281,7 +281,7 @@ void CreateTestCreditCardFormData(FormData* form,
      ASCIIToUTF16("MyForm") + ASCIIToUTF16(unique_id ? unique_id : "");
  if (is_https) {
    form->url = GURL("https://myform.com/form.html");
-    form->full_url = GURL("http://myform.com/form.html?foo=bar");
+    form->full_url = GURL("https://myform.com/form.html?foo=bar");
    form->action = GURL("https://myform.com/submit.html");
    form->main_frame_origin =
        url::Origin::Create(GURL("https://myform_root.com/form.html"));

--- a/components/autofill/core/common/autofill_features.cc
+++ b/components/autofill/core/common/autofill_features.cc
@@ -197,7 +197,7 @@ const base::Feature kAutofillParsingPatternsLanguageDependent{
 // If feature is enabled, Autofill will be disabled for mixed forms (forms on
 // HTTPS sites that submit over HTTP).
 const base::Feature kAutofillPreventMixedFormsFilling{
-    "AutofillPreventMixedFormsFilling", base::FEATURE_DISABLED_BY_DEFAULT};
+    "AutofillPreventMixedFormsFilling", base::FEATURE_ENABLED_BY_DEFAULT};

 // If the feature is enabled, FormTracker's probable-form-submission detection
 // is disabled and replaced with browser-side detection.

--- a/components/security_interstitials/core/features.cc
+++ b/components/security_interstitials/core/features.cc
@@ -7,6 +7,6 @@
 namespace security_interstitials {

 const base::Feature kInsecureFormSubmissionInterstitial{
-    "InsecureFormSubmissionInterstitial", base::FEATURE_DISABLED_BY_DEFAULT};
+    "InsecureFormSubmissionInterstitial", base::FEATURE_ENABLED_BY_DEFAULT};

 }  // namespace security_interstitials