1 files changed, 34 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html
new file mode 100644
index 0000000000..6afd4459b0
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>form-action-src-redirect-allowed-target-frame</title>
+  <meta http-equiv="Content-Security-Policy" content="form-action 'self'">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script>
+    function OnDocumentLoaded() {
+      let test = async_test("form submission targetting a frame allowed after a redirect");
+      window.addEventListener("message", function(event) {
+        if (event.data == "DocumentNotBlocked") {
+          test.done();
+        }
+      });
+
+      let form = document.getElementById("form");
+      let final_url = "/content-security-policy/form-action/support/post-message-to-parent.sub.html?message=DocumentNotBlocked";
+      let redirect_url = "/common/redirect.py?location=";
+      form.action = redirect_url + encodeURIComponent(final_url);
+
+      let submit = document.getElementById("submit");
+      submit.click();
+    }
+  </script>
+</head>
+<body onload="OnDocumentLoaded();">
+  <form id="form" method="POST" target="frame">
+    <input type="submit" id="submit">
+  </form>
+  <iframe name="frame"></iframe>
+</body>
+</html>
+