31 lines
1.3 KiB
HTML
31 lines
1.3 KiB
HTML
<html>
|
|
<head>
|
|
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title>
|
|
<script>
|
|
function iframe_onload() {
|
|
var iframe = document.getElementsByTagName("iframe")[0];
|
|
iframe.onload = null;
|
|
|
|
// Enable upgrade-insecure-requests dynamically.
|
|
var meta = document.createElement('meta');
|
|
meta.httpEquiv = "Content-Security-Policy";
|
|
meta.content = "upgrade-insecure-requests";
|
|
document.getElementsByTagName('head')[0].appendChild(meta);
|
|
|
|
// This is a bit of a hack. UPGRADE doesn't upgrade the port number,
|
|
// so we specify this non-existent URL ('http' over port https port). If
|
|
// UPGRADE doesn't work, it won't load. The expected behavior is that
|
|
// the url is upgraded and the page loads.
|
|
iframe.src =
|
|
"https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-meta"
|
|
}
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<iframe
|
|
sandbox = "allow-scripts allow-top-navigation"
|
|
src = "./resources/dummy.html"
|
|
onload = "iframe_onload()"
|
|
></iframe>
|
|
</body>
|
|
</html>
|