<!DOCTYPE html>
<head>
<title>Upgrade Insecure Requests: Form Submission.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
async_test(t => {
var i = document.createElement('iframe');
i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
"<form action='http://127.0.0.1:8000/security/resources/post-origin-to-parent.html'></form>" +
"<script>document.querySelector('form').submit()</scr" + "ipt>";
window.addEventListener('message', t.step_func(e => {
if (e.source == i.contentWindow) {
assert_equals("http://127.0.0.1:8000", e.data.origin);
t.done();
}
}));
document.body.appendChild(i);
}, "Form submissions to 127.0.0.1 are not upgraded.");
async_test(t => {
var i = document.createElement('iframe');
i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
"<form action='http://example.test:8443/security/resources/post-origin-to-parent.html'></form>" +
"<script>document.querySelector('form').submit()</scr" + "ipt>";
window.addEventListener('message', t.step_func(e => {
if (e.source == i.contentWindow) {
assert_equals("https://example.test:8443", e.data.origin);
t.done();
}
}));
document.body.appendChild(i);
}, "Cross-host form submissions are upgraded.");
</script>
</body>
Codebase Browser
chromium