1 files changed, 31 insertions, 0 deletions

diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html
new file mode 100644
index 0000000000..e43050eb5b
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html
@@ -0,0 +1,31 @@
+<html>
+  <head>
+    <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title>
+    <script>
+      function iframe_onload() {
+        var iframe = document.getElementsByTagName("iframe")[0];
+        iframe.onload = null;
+
+        // Enable upgrade-insecure-requests dynamically.
+        var meta = document.createElement('meta');
+        meta.httpEquiv = "Content-Security-Policy";
+        meta.content = "upgrade-insecure-requests";
+        document.getElementsByTagName('head')[0].appendChild(meta);
+
+        // This is a bit of a hack. UPGRADE doesn't upgrade the port number,
+        // so we specify this non-existent URL ('http' over port https port). If
+        // UPGRADE doesn't work, it won't load. The expected behavior is that
+        // the url is upgraded and the page loads.
+        iframe.src =
+          "https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-meta"
+      }
+    </script>
+  </head>
+  <body>
+    <iframe
+      sandbox = "allow-scripts allow-top-navigation"
+      src = "./resources/dummy.html"
+      onload = "iframe_onload()"
+    ></iframe>
+  </body>
+</html>