Switch //chrome/browser code to use IsOriginSecure() instead of SchemeIsSecure().

We recently introduced SchemeIsCryptographic() and IsOriginSecure(),
which are meant to replace SchemeIsSecure().

IsOriginSecure() roughly means "do we trust this content not to be
tampered with before it reaches the user?" [1] This is a higher-level
definition that corresponds to the new "privileged contexts" spec. [2]

SchemeIsCryptographic() [3] is close to the old definition of
SchemeIsSecure(), and literally just checks if the scheme is a
cryptographic scheme (HTTPS or WSS as of right now). The difference is
that SchemeIsCryptographic() will not consider filesystem URLs secure.

[1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866
[2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/
[3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666

BUG=362214

Review URL: https://codereview.chromium.org/1131993005

Cr-Commit-Position: refs/heads/master@{#329344}

chrome/browser/banners/app_banner_manager.cc

@@ -11,6 +11,7 @@
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/frame_navigate_params.h"
+#include "content/public/common/origin_util.h"
 #include "net/base/load_flags.h"
 #include "ui/gfx/screen.h"
 
@@ -47,9 +48,9 @@ void AppBannerManager::DidFinishLoad(
     return;
   }
 
-  // A secure scheme is required to show banners, so exit early if we see the
+  // A secure origin is required to show banners, so exit early if we see the
   // URL is invalid.
-  if (!validated_url.SchemeIsSecure() && !gDisableSecureCheckForTesting)
+  if (!content::IsOriginSecure(validated_url) && !gDisableSecureCheckForTesting)
     return;
 
   // Kick off the data retrieval pipeline.

chrome/browser/content_settings/permission_context_uma_util.cc

@@ -8,6 +8,7 @@
 #include "chrome/browser/content_settings/permission_context_uma_util.h"
 #include "components/rappor/rappor_utils.h"
 #include "content/public/browser/permission_type.h"
+#include "content/public/common/origin_util.h"
 #include "url/gurl.h"
 
 // UMA keys need to be statically initialized so plain function would not
@@ -80,7 +81,7 @@ const std::string GetRapporMetric(ContentSettingsType permission,
 void RecordPermissionAction(ContentSettingsType permission,
                             PermissionAction action,
                             const GURL& requesting_origin) {
-  bool secure_origin = requesting_origin.SchemeIsSecure();
+  bool secure_origin = content::IsOriginSecure(requesting_origin);
 
   switch (permission) {
       case CONTENT_SETTINGS_TYPE_GEOLOCATION:
@@ -138,7 +139,7 @@ void RecordPermissionAction(ContentSettingsType permission,
 
 void RecordPermissionRequest(ContentSettingsType permission,
                              const GURL& requesting_origin) {
-  bool secure_origin = requesting_origin.SchemeIsSecure();
+  bool secure_origin = content::IsOriginSecure(requesting_origin);
   content::PermissionType type;
   switch (permission) {
     case CONTENT_SETTINGS_TYPE_GEOLOCATION:

chrome/browser/extensions/api/desktop_capture/desktop_capture_api.cc

@@ -12,6 +12,7 @@
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/origin_util.h"
 #include "net/base/net_util.h"
 
 namespace extensions {
@@ -66,11 +67,11 @@ bool DesktopCaptureChooseDesktopMediaFunction::RunAsync() {
 
     if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
             switches::kAllowHttpScreenCapture) &&
-        !origin.SchemeIsSecure()) {
+        !content::IsOriginSecure(origin)) {
       error_ = kTabUrlNotSecure;
       return false;
     }
-    target_name = base::UTF8ToUTF16(origin.SchemeIsSecure() ?
+    target_name = base::UTF8ToUTF16(content::IsOriginSecure(origin) ?
         net::GetHostAndOptionalPort(origin) : origin.spec());
 
     if (!params->target_tab->id) {

chrome/browser/ui/content_settings/content_setting_bubble_model.cc

@@ -35,6 +35,7 @@
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_delegate.h"
+#include "content/public/common/origin_util.h"
 #include "grit/components_strings.h"
 #include "grit/theme_resources.h"
 #include "net/base/net_util.h"
@@ -700,7 +701,7 @@ void ContentSettingMediaStreamBubbleModel::SetRadioGroup() {
   int radio_block_label_id = 0;
   if (state_ & (TabSpecificContentSettings::MICROPHONE_BLOCKED |
                 TabSpecificContentSettings::CAMERA_BLOCKED)) {
-    if (url.SchemeIsSecure()) {
+    if (content::IsOriginSecure(url)) {
       radio_item_setting_[0] = CONTENT_SETTING_ALLOW;
       radio_allow_label_id = IDS_BLOCKED_MEDIASTREAM_CAMERA_ALLOW;
       if (is_mic)

chrome/browser/ui/website_settings/permission_menu_model.cc

@@ -6,6 +6,7 @@
 
 #include "chrome/grit/generated_resources.h"
 #include "components/content_settings/core/browser/plugins_field_trial.h"
+#include "content/public/common/origin_util.h"
 #include "ui/base/l10n/l10n_util.h"
 
 PermissionMenuModel::PermissionMenuModel(
@@ -57,9 +58,9 @@ PermissionMenuModel::PermissionMenuModel(
        permission_.type == CONTENT_SETTINGS_TYPE_MOUSELOCK) &&
       url.SchemeIsFile();
 
-  // Media only support CONTENT_SETTTING_ALLOW for https.
+  // Media only supports CONTENT_SETTTING_ALLOW for secure origins.
   if ((permission_.type != CONTENT_SETTINGS_TYPE_MEDIASTREAM ||
-       url.SchemeIsSecure()) &&
+       content::IsOriginSecure(url)) &&
       !is_exclusive_access_on_file) {
     label = l10n_util::GetStringUTF16(
         IDS_WEBSITE_SETTINGS_MENU_ITEM_ALLOW);