upgrade-insecure-requests-reporting.https.html (3282B)
1 <!doctype html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <script src="/common/security-features/resources/common.sub.js"></script> 5 <body></body> 6 <script> 7 function waitForViolation(el, effective_directive) { 8 return new Promise(resolve => { 9 el.addEventListener('securitypolicyviolation', e => { 10 if (e.effectiveDirective == effective_directive) 11 resolve(e); 12 }); 13 }); 14 } 15 16 async_test(t => { 17 var url = getRequestURLs("img-tag", 18 "same-http-downgrade", 19 "no-redirect").testUrl; 20 var i = document.createElement('img'); 21 var loaded = false; 22 var reported = false; 23 waitForViolation(window, "img-src") 24 .then(t.step_func(e => { 25 reported = true; 26 if (loaded) 27 t.done(); 28 })); 29 i.onload = t.step_func(_ => { 30 loaded = true; 31 if (reported) 32 t.done(); 33 }); 34 i.onerror = t.unreached_func(url + " should load successfully."); 35 i.src = url; 36 document.body.appendChild(i); 37 }, "Upgraded image is reported"); 38 39 async_test(t => { 40 var url = getRequestURLs("iframe-tag", 41 "same-http-downgrade", 42 "no-redirect").testUrl; 43 var i = document.createElement('iframe'); 44 var loaded = false; 45 var reported = false; 46 waitForViolation(window, "frame-src") 47 .then(t.step_func(e => { 48 reported = true; 49 if (loaded) 50 t.done(); 51 })); 52 window.addEventListener("message", t.step_func(e => { 53 if (e.source == i.contentWindow) { 54 i.remove(); 55 loaded = true; 56 if (reported) 57 t.done(); 58 } 59 })); 60 i.src = url; 61 document.body.appendChild(i); 62 }, "Upgraded iframe is reported"); 63 64 async_test(t => { 65 // Load an HTTPS iframe, then navigate it to an HTTP URL and check that the HTTP URL is both upgraded and reported. 66 var url = getRequestURLs("iframe-tag", 67 "same-https", 68 "no-redirect").testUrl; 69 var navigate_to = getRequestURLs("iframe-tag", 70 "cross-http-downgrade", 71 "no-redirect").testUrl; 72 var upgraded = new URL(navigate_to); 73 upgraded.protocol = "https"; 74 75 var i = document.createElement('iframe'); 76 var loaded = false; 77 var reported = false; 78 79 window.addEventListener("message", t.step_func(e => { 80 if (e.source == i.contentWindow) { 81 if (e.data.location == url) { 82 waitForViolation(window, "frame-src") 83 .then(t.step_func(e => { 84 reported = true; 85 if (loaded) 86 t.done(); 87 })); 88 i.contentWindow.location.href = navigate_to; 89 } else if (e.data.location == upgraded) { 90 loaded = true; 91 if (reported) 92 t.done(); 93 } 94 } 95 })); 96 i.src = url; 97 document.body.appendChild(i); 98 }, "Navigated iframe is upgraded and reported"); 99 </script> 100 </html>