Upgrade Insecure Requests: bugfixes, tests, and support for OOPIF.

third_party/WebKit/Source/core/frame/Frame.cpp

Index: third_party/WebKit/Source/core/frame/Frame.cpp
diff --git a/third_party/WebKit/Source/core/frame/Frame.cpp b/third_party/WebKit/Source/core/frame/Frame.cpp
index 9680704918860464f3f63c78c599744ecda86538..84cf8593da2888411590cc2022cc996dccadf5cf 100644
--- a/third_party/WebKit/Source/core/frame/Frame.cpp
+++ b/third_party/WebKit/Source/core/frame/Frame.cpp
@@ -334,6 +334,32 @@ void Frame::didChangeVisibilityState() {
     childFrames[i]->didChangeVisibilityState();
 }
 
+// static
+void Frame::upgradeInsecureRequest(KURL& url, Document& originDocument) {
+  // We always upgrade requests that meet any of the following criteria:
+  //
+  // Enforced in FrameLoader::upgradeInsecureRequest.
+  //    1. Are for subresources.
+  //    2. Are for nested frames.
+  //    3. Are form submissions.
+  //    4. Whose hosts are contained in the originDocument's upgrade insecure
+  //       navigations set. (same-frame navigation).
+  // Enforced in Frame::upgradeInsecureRequest.
+  //    4. Whose hosts are contained in the originDocument's upgrade insecure
+  //       navigations set. (cross-frame navigation).
+  if (url.protocolIs("http") &&
+      originDocument.getInsecureRequestPolicy() & kUpgradeInsecureRequests &&
+      !url.host().isNull() &&
+      originDocument.insecureNavigationsToUpgrade()->contains(
+          url.host().impl()->hash())) {
+    UseCounter::count(originDocument,
+                      UseCounter::UpgradeInsecureRequestsUpgradedRequest);
+    url.setProtocol("https");
+    if (url.port() == 80)
+      url.setPort(443);
+  }
+}
+
 Frame::Frame(FrameClient* client, FrameHost* host, FrameOwner* owner)
     : m_treeNode(this),
       m_host(host),
@@ -349,5 +375,4 @@ Frame::Frame(FrameClient* client, FrameHost* host, FrameOwner* owner)
   else
     page()->setMainFrame(this);
 }
-
 }  // namespace blink