chromium/src/third_party/blink/web_tests/http/tests/security/upgrade-insecure-requests/iframe-upgrade.https.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <head>
 <title>Upgrade Insecure Requests: IFrames.</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

 <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
 </head>
 <body>
 <script>
 async_test(t => {
     var i = document.createElement('iframe');

     i.src = "http://127.0.0.1:8000/security/resources/post-origin-to-parent.html";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == i.contentWindow) {
             assert_equals("http://127.0.0.1:8000", e.data.origin);
             t.done();
         }
     }));
     document.body.appendChild(i);
 }, "127.0.0.1 frames are not upgraded.");

 async_test(t => {
     var i = document.createElement('iframe');

     // This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
     // specify this non-existent URL ('http' over port 8443). If UPGRADE doesn't
     // work, it won't load.
     i.src = "http://example.test:8443/security/resources/post-origin-to-parent.html";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == i.contentWindow) {
             assert_equals("https://example.test:8443", e.data.origin);
             t.done();
         }
     }));
     document.body.appendChild(i);
 }, "Cross-host frames are upgraded.");

 async_test(t => {
     var i = document.createElement('iframe');
     i.srcdoc = "<a href='http://127.0.0.1:8000/security/resources/post-origin-to-parent.html'>Navigate!</a>" +
                "<script>document.querySelector('a').click()</scr" + "ipt>";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == i.contentWindow) {
             assert_equals("http://127.0.0.1:8000", e.data.origin);
             t.done();
         }
     }));

     document.body.appendChild(i);
 }, "Upgrade policy cascades to nested, same-host frames, but 127.0.0.1 is not upgraded.");

 async_test(t => {
     var i = document.createElement('iframe');
     i.srcdoc = "<a href='http://example.test:8443/security/resources/post-origin-to-parent.html'>Navigate!</a>" +
                "<script>document.querySelector('a').click()</scr" + "ipt>";

     window.addEventListener('message', t.step_func(e => {
         if (e.source == i.contentWindow) {
             assert_equals("https://example.test:8443", e.data.origin);
             t.done();
         }
     }));

     document.body.appendChild(i);
 }, "Upgrade policy cascades to nested, cross-host frames.");
 </script>
 </body>
	<!DOCTYPE html>
	<head>
	<title>Upgrade Insecure Requests: IFrames.</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>

	<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
	</head>
	<body>
	<script>
	async_test(t => {
	var i = document.createElement('iframe');

	i.src = "http://127.0.0.1:8000/security/resources/post-origin-to-parent.html";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == i.contentWindow) {
	assert_equals("http://127.0.0.1:8000", e.data.origin);
	t.done();
	}
	}));
	document.body.appendChild(i);
	}, "127.0.0.1 frames are not upgraded.");

	async_test(t => {
	var i = document.createElement('iframe');

	// This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
	// specify this non-existent URL ('http' over port 8443). If UPGRADE doesn't
	// work, it won't load.
	i.src = "http://example.test:8443/security/resources/post-origin-to-parent.html";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == i.contentWindow) {
	assert_equals("https://example.test:8443", e.data.origin);
	t.done();
	}
	}));
	document.body.appendChild(i);
	}, "Cross-host frames are upgraded.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.srcdoc = "<a href='http://127.0.0.1:8000/security/resources/post-origin-to-parent.html'>Navigate!</a>" +
	"<script>document.querySelector('a').click()</scr" + "ipt>";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == i.contentWindow) {
	assert_equals("http://127.0.0.1:8000", e.data.origin);
	t.done();
	}
	}));

	document.body.appendChild(i);
	}, "Upgrade policy cascades to nested, same-host frames, but 127.0.0.1 is not upgraded.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.srcdoc = "<a href='http://example.test:8443/security/resources/post-origin-to-parent.html'>Navigate!</a>" +
	"<script>document.querySelector('a').click()</scr" + "ipt>";

	window.addEventListener('message', t.step_func(e => {
	if (e.source == i.contentWindow) {
	assert_equals("https://example.test:8443", e.data.origin);
	t.done();
	}
	}));

	document.body.appendChild(i);
	}, "Upgrade policy cascades to nested, cross-host frames.");
	</script>
	</body>