Add metrics for https upgrades omnibox escape hatch

This adds a new bucket to NavigationRequestSecurityLevel that is logged when a navigation is opted out from upgrades due to the URL including an explicit http:// scheme. Bug: 1447921 Change-Id: I985fdf0e6bba12ce224906149723fac47e0798b6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4568799 Auto-Submit: Carlos IL <carlosil@chromium.org> Reviewed-by: Chris Thompson <cthomp@chromium.org> Commit-Queue: Carlos IL <carlosil@chromium.org> Commit-Queue: Chris Thompson <cthomp@chromium.org> Cr-Commit-Position: refs/heads/main@{#1149472}
monkbrowser · May 26, 2023 · 9e60488 · 9e60488
1 parent bbb6806
commit 9e60488
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 1 deletion.
diff --git a/chrome/browser/ssl/https_upgrades_browsertest.cc b/chrome/browser/ssl/https_upgrades_browsertest.cc
@@ -2140,6 +2140,10 @@ IN_PROC_BROWSER_TEST_P(HttpsUpgradesBrowserTest,
     // Typed http URLs don't opt out of upgrades in HFM.
     EXPECT_EQ(https_url, contents->GetLastCommittedURL());
   } else {
+    histograms()->ExpectTotalCount(kNavigationRequestSecurityLevelHistogram, 1);
+    histograms()->ExpectBucketCount(
+        kNavigationRequestSecurityLevelHistogram,
+        NavigationRequestSecurityLevel::kExplicitHttpScheme, 1);
     EXPECT_EQ(http_url, contents->GetLastCommittedURL());
   }
 }

diff --git a/chrome/browser/ssl/https_upgrades_interceptor.cc b/chrome/browser/ssl/https_upgrades_interceptor.cc
@@ -318,6 +318,8 @@ void HttpsUpgradesInterceptor::MaybeCreateLoader(
       state->AllowHttpForHost(tentative_resource_request.url.host(),
                               storage_partition);
     }
+    RecordNavigationRequestSecurityLevel(
+        NavigationRequestSecurityLevel::kExplicitHttpScheme);
     std::move(callback).Run({});
     return;
   }

diff --git a/components/security_interstitials/core/https_only_mode_metrics.h b/components/security_interstitials/core/https_only_mode_metrics.h
@@ -118,7 +118,11 @@ enum class NavigationRequestSecurityLevel {
   // This bucket is recorded IN ADDITION to kInsecure/kAllowlisted.
   kNonUniqueHostname = 8,
 
-  kMaxValue = kNonUniqueHostname,
+  // Request was insecure (HTTP), but was to a URL that was fully typed (as
+  // opposed to autocompleted) that included an explicit http scheme.
+  kExplicitHttpScheme = 9,
+
+  kMaxValue = kExplicitHttpScheme,
 };
 
 // Recorded by the Site Engagement Heuristic logic, recording whether HFM should

diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
@@ -71657,6 +71657,8 @@ Called by update_use_counter_css.py.-->
       label="HTTP allowed by content/enterprise setting (NOT by failing
              auto-upgrade or clicking through warning)."/>
   <int value="8" label="HTTP request to non-unique host."/>
+  <int value="9"
+      label="HTTP request to a fully typed URL with explicit HTTP scheme."/>
 </enum>
 
 <enum name="NavigationRequiresDedicatedProcess">