Add URLS that are opted out from https upgrades due to being typed wi…

…th http scheme to the allowlist (cherry picked from commit 3b05be1) Bug: 1447921 Change-Id: Id676f34826534195cc013a81431bc68f5dae131d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4553926 Reviewed-by: Chris Thompson <cthomp@chromium.org> Commit-Queue: Carlos IL <carlosil@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1149391} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4573299 Auto-Submit: Carlos IL <carlosil@chromium.org> Commit-Queue: Chris Thompson <cthomp@chromium.org> Cr-Commit-Position: refs/branch-heads/5790@{#141} Cr-Branched-From: 1d71a33-refs/heads/main@{#1148114}
chromium · May 30, 2023 · 5480da9 · 5480da9
1 parent a2496ae
commit 5480da9
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/chrome/browser/ssl/https_upgrades_browsertest.cc b/chrome/browser/ssl/https_upgrades_browsertest.cc
@@ -2058,6 +2058,45 @@ IN_PROC_BROWSER_TEST_P(HttpsUpgradesBrowserTest,
   EXPECT_EQ(https_url, contents->GetLastCommittedURL());
 }
 
+// Tests that URLs typed with an explicit http:// scheme that result in an
+// opt-out cause the url to be added to the allowlist.
+IN_PROC_BROWSER_TEST_P(HttpsUpgradesBrowserTest,
+                       URLsTypedWithHttpSchemeNoUpgradesAllowlist) {
+  if (!IsHttpUpgradingEnabled() || IsHttpsFirstModePrefEnabled()) {
+    return;
+  }
+  GURL http_url = http_server()->GetURL("foo.com", "/simple.html");
+  GURL https_url = https_server()->GetURL("foo.com", "/simple.html");
+  auto* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  OmniboxEditModelDelegate* edit_model_delegate = browser()
+                                                      ->window()
+                                                      ->GetLocationBar()
+                                                      ->GetOmniboxView()
+                                                      ->model()
+                                                      ->delegate();
+
+  Profile* profile = Profile::FromBrowserContext(contents->GetBrowserContext());
+  content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
+
+  // Site should not yet be in the allowlist.
+  EXPECT_FALSE(state->IsHttpAllowedForHost(
+      http_url.host(), contents->GetPrimaryMainFrame()->GetStoragePartition()));
+
+  // Simulate the full URL was typed with an http scheme.
+  content::TestNavigationObserver nav_observer(contents, 1);
+  edit_model_delegate->OnAutocompleteAccept(
+      http_url, nullptr, WindowOpenDisposition::CURRENT_TAB,
+      ui::PAGE_TRANSITION_TYPED, AutocompleteMatchType::URL_WHAT_YOU_TYPED,
+      base::TimeTicks(), false, true, std::u16string(), AutocompleteMatch(),
+      AutocompleteMatch(), IDNA2008DeviationCharacter::kNone);
+  nav_observer.Wait();
+
+  // URL should not have been upgraded, and site should now be in the allowlist.
+  EXPECT_EQ(http_url, contents->GetLastCommittedURL());
+  EXPECT_TRUE(state->IsHttpAllowedForHost(
+      http_url.host(), contents->GetPrimaryMainFrame()->GetStoragePartition()));
+}
+
 // A simple test fixture that ensures the kHttpsFirstModeV2 feature is enabled
 // and constructs a HistogramTester (so that it gets initialized before browser
 // startup). Used for testing pref tracking logic.

diff --git a/chrome/browser/ssl/https_upgrades_interceptor.cc b/chrome/browser/ssl/https_upgrades_interceptor.cc
@@ -298,6 +298,10 @@ void HttpsUpgradesInterceptor::MaybeCreateLoader(
   if (chrome_navigation_ui_data &&
       chrome_navigation_ui_data->url_is_typed_with_http_scheme() &&
       !IsInterstitialEnabled(*interstitial_state_)) {
+    if (state) {
+      state->AllowHttpForHost(tentative_resource_request.url.host(),
+                              storage_partition);
+    }
     std::move(callback).Run({});
     return;
   }