Use origins instead of URLs in console messages about mixed content.

Use origins instead of URLs in console messages about mixed content.

Specifically, use origins when the frame loading a resource and the
frame with respect to which content is mixed are different.  This
avoids potential information disclosure with OOPIFs, and includes
scenarios such as https://foo.com embedding an insecure subframe
http://bar.com, or that insecure subframe further loading insecure
subresources.  It does *not* include the case where https://foo.com
embeds insecure subresources, like <img src="http://foo.com/foo.jpg">.

BUG=726178
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

[alexmos, 2017-05-25 01:30:06]

Description was changed from

==========
Use origins instead of URLs in console messages about mixed content.

Specifically, use origins when the frame loading a resource and the
frame with respect to which content is mixed are different.  This
avoids potential information disclosure with OOPIFs, and includes
scenarios such as https://foo.com embedding an insecure subframe
http://bar.com, or that insecure subframe further loading insecure
subresources.  It does *not* include the case where https://foo.com
embeds insecure subresources, like <img src="http://foo.com/foo.jpg">.

BUG=726178
==========

to

==========
Use origins instead of URLs in console messages about mixed content.

Specifically, use origins when the frame loading a resource and the
frame with respect to which content is mixed are different.  This
avoids potential information disclosure with OOPIFs, and includes
scenarios such as https://foo.com embedding an insecure subframe
http://bar.com, or that insecure subframe further loading insecure
subresources.  It does *not* include the case where https://foo.com
embeds insecure subresources, like <img src="http://foo.com/foo.jpg">.

BUG=726178
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation
==========

[alexmos, 2017-05-25 01:30:15]

The CQ bit was checked by alexmos@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-05-25 01:31:21]

Dry run: CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-05-25 03:10:06]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-05-25 03:10:07]

Dry run: This issue passed the CQ dry run.

[arthursonzogni, 2017-05-29 15:23:04]

On 2017/05/25 03:10:07, commit-bot: I haz the power wrote:
> Dry run: This issue passed the CQ dry run.

I like it. FYI I ran the PlzNavigate TryBot
"linux_chromium_browser_side_navigation_rel".
One test is failing:
http/tests/security/mixedContent/insecure-iframe-with-hsts.https.html
The "line:18" is missing. This is because the source location of the main frame
is not transmitted to the sub-frame. This is expected because that is what this
CL does.