| <!DOCTYPE html> |
| <head> |
| <title>Upgrade Insecure Requests: Form Submission.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <script> |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" + |
| "<form action='http://127.0.0.1:8000/security/resources/post-origin-to-parent.html'></form>" + |
| "<script>document.querySelector('form').submit()</scr" + "ipt>"; |
| |
| window.addEventListener('message', t.step_func(e => { |
| if (e.source == i.contentWindow) { |
| assert_equals("http://127.0.0.1:8000", e.data.origin); |
| t.done(); |
| } |
| })); |
| |
| document.body.appendChild(i); |
| }, "Form submissions to 127.0.0.1 are not upgraded."); |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.srcdoc = "<meta http-equiv='Content-Security-Policy' content='upgrade-insecure-requests'>" + |
| "<form action='http://example.test:8443/security/resources/post-origin-to-parent.html'></form>" + |
| "<script>document.querySelector('form').submit()</scr" + "ipt>"; |
| |
| window.addEventListener('message', t.step_func(e => { |
| if (e.source == i.contentWindow) { |
| assert_equals("https://example.test:8443", e.data.origin); |
| t.done(); |
| } |
| })); |
| |
| document.body.appendChild(i); |
| }, "Cross-host form submissions are upgraded."); |
| </script> |
| </body> |