<!DOCTYPE html>
<html>
<head>
<title>form-action-src-redirect-allowed-target-frame</title>
<meta http-equiv="Content-Security-Policy" content="form-action 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
function OnDocumentLoaded() {
let test = async_test("form submission targetting a frame allowed after a redirect");
window.addEventListener("message", function(event) {
if (event.data == "DocumentNotBlocked") {
test.done();
}
});
let form = document.getElementById("form");
let final_url = "/content-security-policy/form-action/support/post-message-to-parent.sub.html?message=DocumentNotBlocked";
let redirect_url = "/common/redirect.py?location=";
form.action = redirect_url + encodeURIComponent(final_url);
let submit = document.getElementById("submit");
submit.click();
}
</script>
</head>
<body onload="OnDocumentLoaded();">
<form id="form" method="POST" target="frame">
<input type="submit" id="submit">
</form>
<iframe name="frame"></iframe>
</body>
</html>