file_upgrade_insecure_report_only.html (1042B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Bug 1832249 - Consider report-only flag when upgrading insecure requests</title> 6 </head> 7 <body> 8 <img id="testimage"></img> 9 10 <script> 11 let route; 12 if (new URL(document.location).searchParams.get("reportonly")) { 13 route = "reportonly"; 14 } 15 else if (new URL(document.location).searchParams.get("enforce")) { 16 route = "enforce"; 17 } 18 var myImg = document.getElementById("testimage"); 19 // we need to test http functionality here, so we need to load an http url 20 /* eslint-disable @microsoft/sdl/no-insecure-url */ 21 myImg.src = 22 `http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_report_only_server.sjs?img-${route}`; 23 /* eslint-enable @microsoft/sdl/no-insecure-url */ 24 myImg.onload = function(e) { 25 window.parent.postMessage({result: `${route}-img-ok`}, "*"); 26 }; 27 myImg.onerror = function(e) { 28 window.parent.postMessage({result: `${route}-img-error`}, "*"); 29 }; 30 </script> 31 32 </body> 33 </html>