Fix a null-deref in Upgrade-Insecure-Request's handling of unique origins.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 92920a39a22e4302c5a619b9b72cad197a7ebace..9a8bcb84cc844826673cb9d1f666e3b9029e7707 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -174,11 +174,9 @@ void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin)
 
 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
 {
-    ASSERT(m_executionContext);
+    DCHECK(m_executionContext && m_executionContext->securityContext().getSecurityOrigin());
 
-    SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSecurityOrigin();
-    DCHECK(securityOrigin);
-    setupSelf(*securityOrigin);
+    setupSelf(*m_executionContext->securityContext().getSecurityOrigin());
 
     if (didSetReferrerPolicy())
         m_executionContext->setReferrerPolicy(m_referrerPolicy);
@@ -196,8 +194,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
         document->enforceInsecureRequestPolicy(m_insecureRequestPolicy);
         if (m_insecureRequestPolicy & kUpgradeInsecureRequests) {
             UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabled);
-            if (!securityOrigin->host().isNull())
-                document->addInsecureNavigationUpgrade(securityOrigin->host().impl()->hash());
+            if (!document->url().host().isEmpty())
+                document->addInsecureNavigationUpgrade(document->url().host().impl()->hash());
         }
 
         for (const auto& consoleMessage : m_consoleMessages)