chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/1.1/form-action-leak-path-on-redirect.html

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="form-action 127.0.0.1:8000/resources/redirection-response.php">
<script>
    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
        testRunner.clearBackForwardList();
        testRunner.dumpBackForwardList();
    }

    window.addEventListener('load', function() {
        setTimeout(function() {
            document.getElementById('submit').click();
        }, 0);
    });
</script>
</head>
<body>
    <form
      action="/resources/redirection-response.php?status=302&target=/navigation/resources/form-target.pl"
      id='theform'
      method='post'>
        <input type='text' name='fieldname' value='fieldvalue'>
        <input type='submit' id='submit' value='submit'>
    </form>

    <p>Tests that on a redirect, the form-action directive doesn't force the
       path to match the one of the source-expression. If this test passes, you
       will see a page indicating a form was POSTed. </p>
</body>
</html>