| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> |
| <script> |
| if (window.testRunner) { |
| testRunner.waitUntilDone(); |
| testRunner.dumpAsText(); |
| testRunner.setCanOpenWindows(); |
| testRunner.setCloseRemainingWindowsWhenComplete(true); |
| } |
| |
| window.addEventListener("message", function (e) { |
| if (window.opener) |
| window.opener.postMessage('done', '*'); |
| }, false); |
| </script> |
| </head> |
| <body> |
| <div> |
| <p>The following window is loaded using 'http', and should not be upgraded because it is going to a different |
| origin. This should generate a '400 - Bad Request'. |
| <script> |
| window.open("http://localhost:8443/security/contentSecurityPolicy/upgrade-insecure-requests/resources/nested-nested-window.html"); |
| </script> |
| </p> |
| <div> |
| <div> |
| <p>The following script is loaded using 'http', but it should be upgraded to 'https' due to the |
| 'upgrade-insecure-requests' header.</p> |
| <script src="http://127.0.0.1:8443/security/contentSecurityPolicy/resources/alert-pass.js"></script> |
| <div> |
| <div> |
| <p>The following document is loaded using 'http', but should be upgraded because it is an origin we have previously upgraded.</p> |
| <script> |
| window.open("http://127.0.0.1:8443/security/contentSecurityPolicy/upgrade-insecure-requests/resources/nested-nested-window.html"); |
| </script> |
| <div> |
| </body> |
| </html> |