WIP: Move 'Upgrade-Insecure-Requests' to the browser process.

content/browser/loader/resource_dispatcher_host_impl.cc

Index: content/browser/loader/resource_dispatcher_host_impl.cc
diff --git a/content/browser/loader/resource_dispatcher_host_impl.cc b/content/browser/loader/resource_dispatcher_host_impl.cc
index 71577dc8cdccd795cb80afd653e2195c2e259c0b..c98186dceb4377799f386a0452bdc47ceb988f26 100644
--- a/content/browser/loader/resource_dispatcher_host_impl.cc
+++ b/content/browser/loader/resource_dispatcher_host_impl.cc
@@ -119,6 +119,7 @@
 #include "storage/browser/blob/shareable_file_reference.h"
 #include "storage/browser/fileapi/file_permission_policy.h"
 #include "storage/browser/fileapi/file_system_context.h"
+#include "third_party/WebKit/public/platform/WebInsecureRequestPolicy.h"
 #include "url/third_party/mozilla/url_parse.h"
 #include "url/url_constants.h"
 
@@ -1401,6 +1402,23 @@ void ResourceDispatcherHostImpl::ContinuePendingBeginRequest(
          request_data.resource_type == RESOURCE_TYPE_MAIN_FRAME);
   new_request->set_initiator(request_data.request_initiator);
 
+  if (request_data.insecure_request_policy & blink::kUpgradeInsecureRequests) {
+    // If the initiating context wishes to upgrade insecure requests, we
+    // blanket-upgrade everything that isn't a main-frame navigation. For
+    // main-frame navigations, we blanket-upgrade form submissions, and
+    // otherwise upgrade same-host navigations.
+    //
+    // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
+    if (request_data.resource_type != RESOURCE_TYPE_MAIN_FRAME ||
+        request_data.fetch_request_context_type == REQUEST_CONTEXT_TYPE_FORM) {
+      new_request->set_insecure_request_policy(
+          net::URLRequest::UPGRADE_ALL_INSECURE_REQUESTS);
+    } else {
+      new_request->set_insecure_request_policy(
+          net::URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS);
+    }
+  }
+
   if (request_data.originated_from_service_worker) {
     new_request->SetUserData(URLRequestServiceWorkerData::kUserDataKey,
                              new URLRequestServiceWorkerData());