Upgrade insecure requests: Pipe navigational hosts down into nested documents.

Source/core/dom/SecurityContext.h

Index: Source/core/dom/SecurityContext.h
diff --git a/Source/core/dom/SecurityContext.h b/Source/core/dom/SecurityContext.h
index 7631aa8d0a4a236ec8c0ee86f2217b1561abf5db..6538a4fe91ed4ec068bc57b292c8c9a4aeee605e 100644
--- a/Source/core/dom/SecurityContext.h
+++ b/Source/core/dom/SecurityContext.h
@@ -28,8 +28,10 @@
 #define SecurityContext_h
 
 #include "core/dom/SandboxFlags.h"
+#include "wtf/HashSet.h"
 #include "wtf/PassRefPtr.h"
 #include "wtf/RefPtr.h"
+#include "wtf/text/StringHash.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
@@ -40,6 +42,8 @@ class KURL;
 
 class SecurityContext {
 public:
+    using InsecureNavigationsSet = HashSet<unsigned, WTF::AlreadyHashed>;
+
     // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'.
     enum InsecureRequestsPolicy {
         InsecureRequestsDoNotUpgrade = 0,
@@ -67,6 +71,10 @@ public:
     void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRequestsPolicy = policy; }
     InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureRequestsPolicy; }
 
+    void addInsecureNavigationUpgrade(const String& host) { m_insecureNavigationsToUpgrade.add(host.impl()->hash()); }
+    void addInsecureNavigationUpgrade(unsigned hashedHost) { m_insecureNavigationsToUpgrade.add(hashedHost); }
+    InsecureNavigationsSet* insecureNavigationsToUpgrade() { return &m_insecureNavigationsToUpgrade; }
+
 protected:
     SecurityContext();
     virtual ~SecurityContext();
@@ -85,6 +93,7 @@ private:
 
     bool m_hostedInReservedIPRange;
     InsecureRequestsPolicy m_insecureRequestsPolicy;
+    InsecureNavigationsSet m_insecureNavigationsToUpgrade;
 };
 
 } // namespace blink