Implement upgrade-insecure-requests in browser for frame requests

content/browser/frame_host/form_submission_throttle.cc

Index: content/browser/frame_host/form_submission_throttle.cc
diff --git a/content/browser/frame_host/form_submission_throttle.cc b/content/browser/frame_host/form_submission_throttle.cc
index 5784bbfa3317bd268e36176c8fa916481c357b03..5a235d8698ee0244657d5532963e8b7fc36b6e88 100644
--- a/content/browser/frame_host/form_submission_throttle.cc
+++ b/content/browser/frame_host/form_submission_throttle.cc
@@ -60,8 +60,12 @@ FormSubmissionThrottle::CheckContentSecurityPolicyFormAction(bool is_redirect) {
   RenderFrameHostImpl* render_frame =
       handle->frame_tree_node()->current_frame_host();
 
+  // TODO(estark): Move this check into NavigationRequest and split it into (1)
+  // check report-only CSP, (2) upgrade request if needed, (3) check enforced
+  // CSP to match how frame-src works. https://crbug.com/713388
   if (render_frame->IsAllowedByCsp(CSPDirective::FormAction, url, is_redirect,
-                                   handle->source_location())) {
+                                   handle->source_location(),
+                                   CSPContext::CHECK_ALL_CSP)) {
     return NavigationThrottle::PROCEED;
   }