Fix a null-deref in Upgrade-Insecure-Request's handling of unique origins.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
index fdc9c60ab84d04306c2c4c5ab8da2dc3c1d23015..2f1f9c255a8fd8064a26df5d2f3bcefcaa1e2ebf 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
@@ -65,10 +65,11 @@ TEST_F(ContentSecurityPolicyTest, ParseInsecureRequestPolicy)
 
         document = Document::create();
         document->setSecurityOrigin(secureOrigin);
+        document->setURL(secureURL);
         csp->bindToExecutionContext(document.get());
         EXPECT_EQ(test.expectedPolicy, document->getInsecureRequestPolicy());
         bool expectUpgrade = test.expectedPolicy & kUpgradeInsecureRequests;
-        EXPECT_EQ(expectUpgrade, document->insecureNavigationsToUpgrade()->contains(secureOrigin->host().impl()->hash()));
+        EXPECT_EQ(expectUpgrade, document->insecureNavigationsToUpgrade()->contains(document->url().host().impl()->hash()));
     }
 
     // Report-Only