Upgrade insecure requests: Pipe navigational hosts down into nested documents.

Source/core/loader/FrameLoader.cpp

Index: Source/core/loader/FrameLoader.cpp
diff --git a/Source/core/loader/FrameLoader.cpp b/Source/core/loader/FrameLoader.cpp
index f9b9cce6a50dacf236cd71abb323dc753506f09d..b31c49bc146ae82dcb767448e4801797d67a26c7 100644
--- a/Source/core/loader/FrameLoader.cpp
+++ b/Source/core/loader/FrameLoader.cpp
@@ -1403,6 +1403,7 @@ bool FrameLoader::shouldEnforceStrictMixedContentChecking() const
     if (!parentFrame->isLocalFrame())
         return true;
 
+    ASSERT(toLocalFrame(parentFrame)->document());
     return toLocalFrame(parentFrame)->document()->shouldEnforceStrictMixedContentChecking();
 }
 
@@ -1417,7 +1418,24 @@ SecurityContext::InsecureRequestsPolicy FrameLoader::insecureRequestsPolicy() co
     if (!parentFrame->isLocalFrame())
         return SecurityContext::InsecureRequestsDoNotUpgrade;
 
+    ASSERT(toLocalFrame(parentFrame)->document());
     return toLocalFrame(parentFrame)->document()->insecureRequestsPolicy();
 }
 
+SecurityContext::InsecureNavigationsSet* FrameLoader::insecureNavigationsToUpgrade() const
+{
+    ASSERT(m_frame);
+    Frame* parentFrame = m_frame->tree().parent();
+    if (!parentFrame)
+        return nullptr;
+
+    // FIXME: We need a way to propagate insecure requests policy flags to
+    // out-of-process frames. For now, we'll always use default behavior.
+    if (!parentFrame->isLocalFrame())
+        return nullptr;
+
+    ASSERT(toLocalFrame(parentFrame)->document());
+    return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade();
+}
+
 } // namespace blink