PlzNavigate: Move navigation-level mixed content checks to the browser.

third_party/WebKit/Source/core/loader/MixedContentChecker.h

Index: third_party/WebKit/Source/core/loader/MixedContentChecker.h
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.h b/third_party/WebKit/Source/core/loader/MixedContentChecker.h
index 01818964648b99fa80ecdde6bb44cb0b90b426ad..fb52cbd4a9ebec91256e18fd2ddf04fd37e0a30a 100644
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.h
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.h
@@ -48,6 +48,12 @@ class KURL;
 class ResourceResponse;
 class SecurityOrigin;
 
+// Checks all sub-resource loads for mixed-content. Frame-level loads are
+// checked at the browser by MixedContentNavigationThrottle. Changes to this
+// class might need to be reflected on its browser counterpart.
+//
+// Current mixed content draft that drives this implementation:
+// https://w3c.github.io/webappsec-mixed-content/

[Mike West, 2016/07/19 14:39:32]

Can you file a bug to move whatever else we can up and out of Blink? This seems
like it's going to be a maintenance burden, and it would be a good idea to start
planning for it now.

[carlosk, 2016/07/19 16:32:16]

Sub resource loads are more complicated to handle in the browser. From a quick
talk to clamy@ that at least adds one extra IPC round trip to the browser per
resource request. Alternatively it would require adding the so much avoided
request-to-tree-node mapping to the IO thread.

This is something that should be evaluated anyway so I filed:
https://bugs.chromium.org/p/chromium/issues/detail?id=629528

 class CORE_EXPORT MixedContentChecker final {
     WTF_MAKE_NONCOPYABLE(MixedContentChecker);
     DISALLOW_NEW();