iframe-upgrade-request-to-same-origin.sub.https.html (870B)
1 <!DOCTYPE html> 2 <link rel="author" title="Dominic Farolino" href="dom@chromium.org"> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <body> 6 <iframe id="iframe"></iframe> 7 <script> 8 async_test(t => { 9 const iframe = document.querySelector('iframe'); 10 const insecure_origin = new URL(location.href).origin.replace("https", "http"); 11 iframe.src = insecure_origin + '/referrer-policy/generic/resources/referrer.py'; 12 13 addEventListener('message', t.step_func_done(msg => { 14 const referrer = msg.data; 15 assert_equals(referrer, location.href, 16 "The referrer header sent for the iframe request should not be redacted"); 17 })); 18 }, "If an insecure iframe request is upgraded to https to be same-origin, " + 19 "referrer policies that consider same-origin-ness should be applied correctly"); 20 </script> 21 </body>