diff options
Diffstat (limited to 'testing/web-platform/tests/upgrade-insecure-requests/link-upgrade')
20 files changed, 177 insertions, 0 deletions
diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html new file mode 100644 index 0000000000..c1a600f525 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html @@ -0,0 +1,19 @@ +<html> + <title>Upgrade Insecure Requests: link no upgrade.</title> + <head> + <script> + function click() { + document.getElementById("link").click(); + } + </script> + </head> + <body onload="click()"> + <!-- + This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if + the url is upgraded, the url becomes invalid (https over the http port). + The expected behavior is that the url is not upgraded and the page loads. + --> + <a id="link" + href="http://{{domains[www]}}:{{ports[http][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html?message=basic-link-no-upgrade"> Click me </a> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html new file mode 100644 index 0000000000..ef41d3e9c7 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html @@ -0,0 +1,19 @@ +<html> + <title>Upgrade Insecure Requests: link upgrade.</title> + <head> + <script> + function click() { + document.getElementById("link").click(); + } + </script> + </head> + <body onload="click()"> + <!-- + This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we + specify this non-existent URL ('http' over https port). If UPGRADE doesn't + work, it won't load. The expected behavior is that the url is upgraded and + the page loads. + --> + <a id="link" href="http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html?message=basic-link-upgrade"> Click me </a> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html new file mode 100644 index 0000000000..ed058b6154 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html @@ -0,0 +1,11 @@ +<!-- + This document has set "Content-Security-Policy: upgrade-insecure-requests". It + contains an iframe. This iframe clicks on a link to the same host. The link + must be upgraded. + + This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if + the url is not upgraded, the url is invalid (http over the https port). + The expected behavior is that the url is upgraded and the page loads. +--> +<iframe src= "./resources/click-on-link.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-link-upgrade"> +</iframe> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html new file mode 100644 index 0000000000..1b514e2da7 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html @@ -0,0 +1,16 @@ +<html> + <head> + <title>Upgrade Insecure Requests: top-frame navigation inside iframe (no upgrade expected)</title> + </head> + <body> + <!-- + This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if the + url is upgraded, the url becomes invalid (https over the http port). The + expected behavior is that the url is not upgraded and the page loads. + --> + <iframe + sandbox="allow-scripts allow-top-navigation" + src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{domains[www]}}:{{ports[http][1]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-no-upgrade-1" + ></iframe> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html new file mode 100644 index 0000000000..386a86fdbd --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html @@ -0,0 +1,16 @@ +<html> + <head> + <title>Upgrade Insecure Requests: top-frame navigation inside iframe (no upgrade expected)</title> + </head> + <body> + <!-- + This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if the + url is upgraded, the url becomes invalid (https over the http port). The + expected behavior is that the url is not upgraded and the page loads. + --> + <iframe + sandbox="allow-scripts allow-top-navigation" + src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html?url=http://{{host}}:{{ports[http][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-no-upgrade-2" + ></iframe> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html new file mode 100644 index 0000000000..13c76e82c8 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html @@ -0,0 +1,17 @@ +<html> + <head> + <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> + </head> + <body> + <!-- + This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we + specify this non-existent URL ('http' over https port). If UPGRADE doesn't + work, it won't load. The expected behavior is that the url is upgraded and + the page loads. + --> + <iframe + sandbox="allow-scripts allow-top-navigation" + src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-1" + ></iframe> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html new file mode 100644 index 0000000000..651d76d93b --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html @@ -0,0 +1,17 @@ +<html> + <head> + <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> + </head> + <body> + <!-- + This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we + specify this non-existent URL ('http' over https port). If UPGRADE doesn't + work, it won't load. The expected behavior is that the url is upgraded and + the page loads. + --> + <iframe + sandbox="allow-scripts allow-top-navigation" + src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html?url=http://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-2" + ></iframe> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html new file mode 100644 index 0000000000..e43050eb5b --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html @@ -0,0 +1,31 @@ +<html> + <head> + <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> + <script> + function iframe_onload() { + var iframe = document.getElementsByTagName("iframe")[0]; + iframe.onload = null; + + // Enable upgrade-insecure-requests dynamically. + var meta = document.createElement('meta'); + meta.httpEquiv = "Content-Security-Policy"; + meta.content = "upgrade-insecure-requests"; + document.getElementsByTagName('head')[0].appendChild(meta); + + // This is a bit of a hack. UPGRADE doesn't upgrade the port number, + // so we specify this non-existent URL ('http' over port https port). If + // UPGRADE doesn't work, it won't load. The expected behavior is that + // the url is upgraded and the page loads. + iframe.src = + "https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-meta" + } + </script> + </head> + <body> + <iframe + sandbox = "allow-scripts allow-top-navigation" + src = "./resources/dummy.html" + onload = "iframe_onload()" + ></iframe> + </body> +</html> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/click-on-link.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/click-on-link.sub.html new file mode 100644 index 0000000000..d2899c8873 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/click-on-link.sub.html @@ -0,0 +1,10 @@ +<body> + coucou + <a href="{{GET[url]}}">Click me</a> +</body> + +<script> + window.addEventListener("load", function() { + document.getElementsByTagName("a")[0].click(); + }) +</script> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/dummy.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/dummy.html new file mode 100644 index 0000000000..1c56b51665 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/dummy.html @@ -0,0 +1 @@ +I am not an interesting file... diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html new file mode 100644 index 0000000000..35332900d1 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html @@ -0,0 +1,5 @@ +<script> + window.addEventListener("load", function() { + window.top.location.href = "{{GET[url]}}"; + }) +</script> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html.headers b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html.headers new file mode 100644 index 0000000000..602d9dc38d --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html new file mode 100644 index 0000000000..35332900d1 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html @@ -0,0 +1,5 @@ +<script> + window.addEventListener("load", function() { + window.top.location.href = "{{GET[url]}}"; + }) +</script> diff --git a/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html new file mode 100644 index 0000000000..5cf2df5732 --- /dev/null +++ b/testing/web-platform/tests/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html @@ -0,0 +1,3 @@ +<script> + top.opener.postMessage("{{GET[message]}}", "*"); +</script> |