Rewrite SecurityOrigin::IsSecure() using GURL and url::Origin

SecurityOrigin::IsSecure() is very similar to the concept of
"potentially trustworthy URL" defined in [1] and implemented by
network::IsUrlPotentiallyTrustworthy(), but it has historically been
hard to compare them. After previous refactoring they are quite close.

This CL is yet another iteration. SecurityOrigin::IsSecure() is
rewritten to use a similar implementation based on GURL and url::Origin.
Spec comments are also added to make the difference more obvious.

IsSecure() currently returns true if the URL scheme is in the secure
list [2] or possibly one wrapped in a blob: or filesystem:. The
constructor of url::Origin automatically unwraps this kind of URLs
but is also more restrictive about accepted schemes [3]. In particular,
about: and data: URLs or URLs with schemes registered as "secure"
but not "standard" will now generate invalid origins.

Special cases from network::IsUrlPotentiallyTrustworthy() are added to
preserve behavior with about: and data: schemes, although some weird
edge cases like "about:about" or "blob:about" are no longer treated as
secure. Behavior for all standard secure schemes (including https, wss,
quic-transport) are preserved. All these changes makes IsSecure()
closer to  the spec definition of "potentially trustworthy URL".

The rest of the IsSecure() handles opaque and allowedlist origins, which
is again just a subset of the work done by
network::IsUrlPotentiallyTrustworthy() and can be rewritten accordingly.


Bug: 1153336
Change-Id: I8f4a42f89a9ae13016a20a1e242c1efd48874162
Reviewed-by: Mike West <>
Commit-Queue: Frédéric Wang <>
Cr-Commit-Position: refs/heads/master@{#844034}
2 files changed
tree: c0860d0d06ba777b80bdfd54661052d52d5985d6
  1. .clang-format
  2. .clang-tidy
  3. .eslintrc.js
  4. .git-blame-ignore-revs
  5. .gitattributes
  6. .gitignore
  7. .gn
  8. .vpython
  9. .vpython3
  10. .yapfignore
  14. DEPS
  18. LICENSE.chromium_os
  19. OWNERS
  25. android_webview/
  26. apps/
  27. ash/
  28. base/
  29. build/
  30. build_overrides/
  31. buildtools/
  32. cc/
  33. chrome/
  34. chromecast/
  35. chromeos/
  36. cloud_print/
  37. codelabs/
  38. codereview.settings
  39. components/
  40. content/
  41. courgette/
  42. crypto/
  43. dbus/
  44. device/
  45. docs/
  46. extensions/
  47. fuchsia/
  48. gin/
  49. google_apis/
  50. google_update/
  51. gpu/
  52. headless/
  53. infra/
  54. ios/
  55. ipc/
  56. jingle/
  57. media/
  58. mojo/
  59. native_client_sdk/
  60. net/
  61. pdf/
  62. ppapi/
  63. printing/
  64. remoting/
  65. rlz/
  66. sandbox/
  67. services/
  68. skia/
  69. sql/
  70. storage/
  71. styleguide/
  72. testing/
  73. third_party/
  74. tools/
  75. ui/
  76. url/
  77. weblayer/

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.