iframe-top-navigation-upgrade-meta.sub.html (1356B)
1 <html> 2 <head> 3 <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> 4 <script> 5 function iframe_onload() { 6 var iframe = document.getElementsByTagName("iframe")[0]; 7 iframe.onload = null; 8 9 // Enable upgrade-insecure-requests dynamically. 10 var meta = document.createElement('meta'); 11 meta.httpEquiv = "Content-Security-Policy"; 12 meta.content = "upgrade-insecure-requests"; 13 document.getElementsByTagName('head')[0].appendChild(meta); 14 15 // This is a bit of a hack. UPGRADE doesn't upgrade the port number, 16 // so we specify this non-existent URL ('http' over port https port). If 17 // UPGRADE doesn't work, it won't load. The expected behavior is that 18 // the url is upgraded and the page loads. 19 iframe.src = 20 "https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-meta" 21 } 22 </script> 23 </head> 24 <body> 25 <iframe 26 sandbox = "allow-scripts allow-top-navigation" 27 src = "./resources/dummy.html" 28 onload = "iframe_onload()" 29 ></iframe> 30 </body> 31 </html>