Upgrade insecure requests: Pipe navigational hosts down into nested documents.

Source/core/loader/FrameFetchContextTest.cpp

Index: Source/core/loader/FrameFetchContextTest.cpp
diff --git a/Source/core/loader/FrameFetchContextTest.cpp b/Source/core/loader/FrameFetchContextTest.cpp
index 7a1e8d4f37e35066df9bc02a610b4c06385376f1..b301c48e7038e9e698e29d811574b39d2e2ef371 100644
--- a/Source/core/loader/FrameFetchContextTest.cpp
+++ b/Source/core/loader/FrameFetchContextTest.cpp
@@ -135,8 +135,7 @@ TEST_F(FrameFetchContextUpgradeTest, UpgradeInsecureResourceRequests)
     document->setInsecureRequestsPolicy(SecurityContext::InsecureRequestsUpgrade);
 
     for (auto test : tests) {
-        // secureOrigin's host is 'secureorigin.test', not 'example.test'
-        document->setSecurityOrigin(secureOrigin);
+        document->insecureNavigationsToUpgrade()->clear();
 
         // We always upgrade for FrameTypeNone and FrameTypeNested.
         expectUpgrade(test.original, WebURLRequest::RequestContextScript, WebURLRequest::FrameTypeNone, test.upgraded);
@@ -150,8 +149,8 @@ TEST_F(FrameFetchContextUpgradeTest, UpgradeInsecureResourceRequests)
         expectUpgrade(test.original, WebURLRequest::RequestContextForm, WebURLRequest::FrameTypeTopLevel, test.upgraded);
         expectUpgrade(test.original, WebURLRequest::RequestContextForm, WebURLRequest::FrameTypeAuxiliary, test.upgraded);
 
-        // Or unless the host of the document matches the host of the resource:
-        document->setSecurityOrigin(exampleOrigin);
+        // Or unless the host of the resource is in the document's InsecureNavigationsSet:
+        document->addInsecureNavigationUpgrade(exampleOrigin->host().impl()->hash());
         expectUpgrade(test.original, WebURLRequest::RequestContextScript, WebURLRequest::FrameTypeTopLevel, test.upgraded);
         expectUpgrade(test.original, WebURLRequest::RequestContextScript, WebURLRequest::FrameTypeAuxiliary, test.upgraded);
     }