
Issue 643084

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug



`CSP: sandbox; upgrade-insecure-requests` hits a null-deref.

Project Member Reported by mkwst@chromium.org, Sep 1 2016

Issue description

If a page is sandboxed into a unique origin, the current code which enforces upgrading insecure requests will end up dereferencing the origin's host. Unfortunately the origin has no host, and we end up doing a null-deref on the StringImpl. Whoops.

Comment 1 by bugdroid1@chromium.org (Project Member), Sep 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/33153e2598026b19f247a2c6ee2362124b5aea4e

commit 33153e2598026b19f247a2c6ee2362124b5aea4e
Author: mkwst <mkwst@chromium.org>
Date: Thu Sep 01 10:11:46 2016

Fix a null-deref in Upgrade-Insecure-Request's handling of unique origins.

If a page is sandboxed into a unique origin, the current code which enforces
upgrading insecure requests will end up dereferencing the origin's host.
Unfortunately the origin has no host, and we end up doing a null-deref on the
StringImpl. Whoops.

This patch aligns our behavior with the spec's mandate to use the protected
resource's URL's host instead:
https://www.w3.org/TR/upgrade-insecure-requests/#delivery. It also changes
the 'isNull' check to an 'isEmpty' check to handle URLs without hosts, like
'data:'.

BUG=643084

Review-Url: https://codereview.chromium.org/2295153004
Cr-Commit-Position: refs/heads/master@{#415921}

[add] https://crrev.com/33153e2598026b19f247a2c6ee2362124b5aea4e/third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/sandbox-upgrade.https.php
[modify] https://crrev.com/33153e2598026b19f247a2c6ee2362124b5aea4e/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/33153e2598026b19f247a2c6ee2362124b5aea4e/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
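As an added illustration (not Chromium's code; a constructed model of the WTF::String, origin and document types involved, with made-up hosts and an assumed `Guard`/`HostSource` switch standing in for the before/after code paths), the following shows why keying the insecure-navigations set on a sandboxed document's unique origin dereferences a null StringImpl, and why `isEmpty` rather than `isNull` is the right guard once the protected resource's URL host is used, since a `data:` URL has a host that is empty but not null:

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <string>

// Model of a WTF::String: a null String has no StringImpl behind it, while an
// empty String has an impl of length 0. isEmpty() is true for both.
struct WtfString {
    std::shared_ptr<const std::string> impl;
    static WtfString null() { return {nullptr}; }
    static WtfString of(std::string s) { return {std::make_shared<const std::string>(std::move(s))}; }
    bool isNull() const { return !impl; }
    bool isEmpty() const { return !impl || impl->empty(); }
};

struct SecurityOrigin { bool unique; WtfString host; };  // a unique origin carries a null host
struct ExecutionContext { SecurityOrigin origin; WtfString urlHost; };  // urlHost: protected resource's URL host

enum class HostSource { Origin, ProtectedResourceUrl };  // which host keys the insecure-navigations set
enum class Guard { None, IsNull, IsEmpty };               // check applied before hashing the host
struct Delivery {
    bool nullDeref = false;   // the code would have dereferenced a null StringImpl
    bool registered = false;  // a host hash was added to the insecure-navigations set
    std::size_t hostHash = 0;
};

// Models what happens when a policy carrying 'upgrade-insecure-requests' is delivered:
// pick a host, apply the guard, then hash the host into the insecure-navigations set.
Delivery deliverUpgradeInsecureRequests(const ExecutionContext& ctx, HostSource source, Guard guard) {
    const WtfString& host = source == HostSource::Origin ? ctx.origin.host : ctx.urlHost;
    Delivery d;
    if (guard == Guard::IsNull && host.isNull()) return d;
    if (guard == Guard::IsEmpty && host.isEmpty()) return d;
    if (!host.impl) { d.nullDeref = true; return d; }  // real code: host.impl()->hash() on nullptr
    d.registered = true;
    d.hostHash = std::hash<std::string>{}(*host.impl);
    return d;
}

// Constructed sample documents (hosts are made up, not taken from the bug report).
ExecutionContext sandboxedPage() {  // https://example.test/ served with 'sandbox': unique origin, null host
    return {{true, WtfString::null()}, WtfString::of("example.test")};
}
ExecutionContext dataUrlPage() {    // data: document: its URL host is empty but not null
    return {{true, WtfString::null()}, WtfString::of("")};
}
ExecutionContext normalPage() {     // https://example.test/ without sandboxing
    return {{false, WtfString::of("example.test")}, WtfString::of("example.test")};
}
```

With the origin's host and no guard the sandboxed page trips the null dereference; with the URL host and an `isEmpty` guard the sandboxed page still gets its navigations upgraded, while a `data:` document registers nothing instead of an empty-host entry.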

Comment 2 by mkwst@chromium.org, Sep 12 2016

Status: Fixed (was: Started)