Replace SecurityContext::InsecureRequestsPolicy with WebInsecureRequestPolicy.

third_party/WebKit/Source/core/dom/Document.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  *           (C) 2006 Alexey Proskuryakov (ap@webkit.org)
  * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All rights reserved.
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
  * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
@@ skipping 4886 matching lines @@
         m_cookieURL = KURL(ParsedURLString, emptyString());
         setSecurityOrigin(SecurityOrigin::createUnique());
         initContentSecurityPolicy();
         // Unique security origins cannot have a suborigin
         return;
     }
 
     // In the common case, create the security context from the currently
     // loading URL with a fresh content security policy.
     enforceSandboxFlags(initializer.getSandboxFlags());
-    if (initializer.shouldEnforceStrictMixedContentChecking())
-        enforceStrictMixedContentChecking();
-    setInsecureRequestsPolicy(initializer.getInsecureRequestsPolicy());
+    setInsecureRequestPolicy(initializer.getInsecureRequestPolicy());
     if (initializer.insecureNavigationsToUpgrade()) {
         for (auto toUpgrade : *initializer.insecureNavigationsToUpgrade())
             addInsecureNavigationUpgrade(toUpgrade);
     }
 
     if (isSandboxed(SandboxOrigin)) {
         m_cookieURL = m_url;
         setSecurityOrigin(SecurityOrigin::createUnique());
         // If we're supposed to inherit our security origin from our
         // owner, but we're also sandboxed, the only things we inherit are
@@ skipping 935 matching lines @@
 {
     if (frame())
         return m_frame->frameScheduler()->timerTaskRunner();
     if (m_importsController)
         return m_importsController->master()->timerTaskRunner();
     if (m_contextDocument)
         return m_contextDocument->timerTaskRunner();
     return Platform::current()->currentThread()->scheduler()->timerTaskRunner();
 }
 
-void Document::enforceStrictMixedContentChecking()
+void Document::enforceInsecureRequestPolicy(WebInsecureRequestPolicy policy)
 {
-    securityContext().setShouldEnforceStrictMixedContentChecking(true);
-    if (frame())
+    // Combine the new policy with the existing policy, as a base policy may be
+    // inherited from a remote parent before this page's policy is set. In other
+    // words, insecure requests should be upgraded or blocked if _either_ the
+    // existing policy or the newly enforced policy triggers upgrades or
+    // blockage.
+    setInsecureRequestPolicy(getInsecureRequestPolicy() | policy);
+
+    if (frame() && policy & kBlockAllMixedContent)
         frame()->loader().client()->didEnforceStrictMixedContentChecking();
 }
 
 void Document::setShadowCascadeOrder(ShadowCascadeOrder order)
 {
     DCHECK_NE(order, ShadowCascadeOrder::ShadowCascadeNone);
 
     if (order == m_shadowCascadeOrder)
         return;
 
@@ skipping 106 matching lines @@
 #ifndef NDEBUG
 using namespace blink;
 void showLiveDocumentInstances()
 {
     WeakDocumentSet& set = liveDocumentSet();
     fprintf(stderr, "There are %u documents currently alive:\n", set.size());
     for (Document* document : set)
         fprintf(stderr, "- Document %p URL: %s\n", document, document->url().getString().utf8().data());
 }
 #endif