LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/form-upgrade.html - WebKit - Git at Google

 <!DOCTYPE html>
 <head>
 <title>Upgrade Insecure Requests: Form Submission.</title>
 <script src="/js-test-resources/testharness.js"></script>
 <script src="/js-test-resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
 async_test(t => {
     var iframe = document.createElement('iframe');
     iframe.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
                "<form action='http://127.0.0.1:8443/security/resources/post-origin-to-parent.html'></form>" +
                "<script>document.querySelector('form').submit()</scr" + "ipt>";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == iframe.contentWindow) {
             assert_equals("https://127.0.0.1:8443", e.data.origin);
             t.done();
         }
     }));

     document.body.appendChild(iframe);
 }, "Same-host form submissions are upgraded.");

 async_test(t => {
     var iframe = document.createElement('iframe');
     iframe.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
                "<form action='http://localhost:8443/security/resources/post-origin-to-parent.html'></form>" +
                "<script>document.querySelector('form').submit()</scr" + "ipt>";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == iframe.contentWindow) {
             assert_equals("https://localhost:8443", e.data.origin);
             t.done();
         }
     }));

     document.body.appendChild(iframe);
 }, "Cross-host form submissions are upgraded.");
 </script>
 </body>
	<!DOCTYPE html>
	<head>
	<title>Upgrade Insecure Requests: Form Submission.</title>
	<script src="/js-test-resources/testharness.js"></script>
	<script src="/js-test-resources/testharnessreport.js"></script>
	</head>
	<body>
	<script>
	async_test(t => {
	var iframe = document.createElement('iframe');
	iframe.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
	"<form action='http://127.0.0.1:8443/security/resources/post-origin-to-parent.html'></form>" +
	"<script>document.querySelector('form').submit()</scr" + "ipt>";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == iframe.contentWindow) {
	assert_equals("https://127.0.0.1:8443", e.data.origin);
	t.done();
	}
	}));

	document.body.appendChild(iframe);
	}, "Same-host form submissions are upgraded.");

	async_test(t => {
	var iframe = document.createElement('iframe');
	iframe.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
	"<form action='http://localhost:8443/security/resources/post-origin-to-parent.html'></form>" +
	"<script>document.querySelector('form').submit()</scr" + "ipt>";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == iframe.contentWindow) {
	assert_equals("https://localhost:8443", e.data.origin);
	t.done();
	}
	}));

	document.body.appendChild(iframe);
	}, "Cross-host form submissions are upgraded.");
	</script>
	</body>