Chrome Version: (copy from chrome://version)
OS: (e.g. Win7, OSX 10.9.5, etc...)

What steps will reproduce the problem?
(1) Enable top-document-isolation
(2) Navigate to a PWA with a mixed content iframe e.g. https://marsh-band.glitch.me/
(3) Install PWA
(4) Open PWA

What is the expected result?
Mixed content inside the iframe should have been blocked

What happens instead?
Mixed content inside the iframe is not blocked

The good news is that we will show the location bar with the security indicator showing the site is not secure.

This is happening because we only set the Strict Mixed Content Checking preference for the main frame when the app is launched. We need to set it for all frames inside a Desktop PWA.