Executed HTTPS upgrade before notifying the start of the provisional load.

third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

Index: third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
diff --git a/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp b/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
index 31e8389897ba03dbbff62479cf5bd80ba306983d..125574198187efcb950f2f282e08add791c2c5f6 100644
--- a/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
+++ b/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
@@ -410,7 +410,8 @@ Resource* ResourceFetcher::requestResource(FetchRequest& request, const Resource
 {
     ASSERT(request.options().synchronousPolicy == RequestAsynchronously || factory.type() == Resource::Raw || factory.type() == Resource::XSLStyleSheet);
 
-    context().upgradeInsecureRequest(request);
+    if (request.resourceRequest().httpHeaderField("Upgrade-Insecure-Requests") != AtomicString("1"))

[Mike West, 2016/07/04 08:33:25]

1. Can you add a comment describing the rationale for checking the header's
presence?

2. This could probably be moved into `FrameFetchContext::upgradeInsecureRequest`
as an early-exit, rather than complicating the callsites.

[carlosk, 2016/07/04 09:22:59]

Both done. Much better indeed.

+        context().upgradeInsecureRequest(request.mutableResourceRequest());
     context().addClientHintsIfNecessary(request);
     context().addCSPHeaderIfNecessary(factory.type(), request);