chromium/src/third_party/blink/web_tests/http/tests/security/upgrade-insecure-requests/form-upgrade.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <head>
 <title>Upgrade Insecure Requests: Form Submission.</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
 async_test(t => {
     var i = document.createElement('iframe');
     i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
                "<form action='http://127.0.0.1:8000/security/resources/post-origin-to-parent.html'></form>" +
                "<script>document.querySelector('form').submit()</scr" + "ipt>";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == i.contentWindow) {
             assert_equals("http://127.0.0.1:8000", e.data.origin);
             t.done();
         }
     }));

     document.body.appendChild(i);
 }, "Form submissions to 127.0.0.1 are not upgraded.");

 async_test(t => {
     var i = document.createElement('iframe');
     i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
                "<form action='http://example.test:8443/security/resources/post-origin-to-parent.html'></form>" +
                "<script>document.querySelector('form').submit()</scr" + "ipt>";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == i.contentWindow) {
             assert_equals("https://example.test:8443", e.data.origin);
             t.done();
         }
     }));

     document.body.appendChild(i);
 }, "Cross-host form submissions are upgraded.");
 </script>
 </body>
	<!DOCTYPE html>
	<head>
	<title>Upgrade Insecure Requests: Form Submission.</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	</head>
	<body>
	<script>
	async_test(t => {
	var i = document.createElement('iframe');
	i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
	"<form action='http://127.0.0.1:8000/security/resources/post-origin-to-parent.html'></form>" +
	"<script>document.querySelector('form').submit()</scr" + "ipt>";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == i.contentWindow) {
	assert_equals("http://127.0.0.1:8000", e.data.origin);
	t.done();
	}
	}));

	document.body.appendChild(i);
	}, "Form submissions to 127.0.0.1 are not upgraded.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" +
	"<form action='http://example.test:8443/security/resources/post-origin-to-parent.html'></form>" +
	"<script>document.querySelector('form').submit()</scr" + "ipt>";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == i.contentWindow) {
	assert_equals("https://example.test:8443", e.data.origin);
	t.done();
	}
	}));

	document.body.appendChild(i);
	}, "Cross-host form submissions are upgraded.");
	</script>
	</body>