| <!DOCTYPE html> |
| <head> |
| <title>Upgrade Insecure Requests: Form Submission.</title> |
| <script src="/js-test-resources/testharness.js"></script> |
| <script src="/js-test-resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <script> |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" + |
| "<form action='http://127.0.0.1:8443/security/resources/post-origin-to-parent.html'></form>" + |
| "<script>document.querySelector('form').submit()</scr" + "ipt>"; |
| |
| window.addEventListener('message', t.step_func(e => { |
| if (e.source == iframe.contentWindow) { |
| assert_equals("https://127.0.0.1:8443", e.data.origin); |
| t.done(); |
| } |
| })); |
| |
| document.body.appendChild(iframe); |
| }, "Same-host form submissions are upgraded."); |
| |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" + |
| "<form action='http://localhost:8443/security/resources/post-origin-to-parent.html'></form>" + |
| "<script>document.querySelector('form').submit()</scr" + "ipt>"; |
| |
| window.addEventListener('message', t.step_func(e => { |
| if (e.source == iframe.contentWindow) { |
| assert_equals("https://localhost:8443", e.data.origin); |
| t.done(); |
| } |
| })); |
| |
| document.body.appendChild(iframe); |
| }, "Cross-host form submissions are upgraded."); |
| </script> |
| </body> |