// META: script=resources/util.js

async_test((t) => {
  // This test requires a navigation with a non-safe (i.e. non-GET) HTTP
  // response, which the Critical-CH spec says to ignore. The most
  // "straight-forward" way to do this in JS is by making a form with an
  // unsafe method (e.g. POST) method and submit it.

  // Build the form DOM element
  var form = document.createElement("form");
  form.setAttribute("method", "post");
  form.setAttribute("action", ECHO_URL);
  form.setAttribute("target", "popup"); //don't navigate away from the page running the test...
  document.body.appendChild(form);

  window.addEventListener('message', (e) => {
    t.step(()=>{assert_equals(e.data, "FAIL")});
    t.done();
  });

  var popup_window = window.open("/common/blank.html", "popup");
  assert_not_equals(popup_window, null, "Popup windows not allowed?");

  form.submit();
}, "Critical-CH unsafe method")

async_test((t) => {
  // This test requires a navigation with a non-safe (i.e. non-GET) HTTP
  // response, which the Critical-CH spec says to ignore. The most
  // "straight-forward" way to do this in JS is by making a form with an
  // unsafe method (e.g. POST) method and submit it.

  // Build the form DOM element
  var form = document.createElement("form");
  form.setAttribute("method", "post");
  form.setAttribute("action", ECHO_URL+"?multiple=true");
  form.setAttribute("target", "popup"); //don't navigate away from the page running the test...
  document.body.appendChild(form);

  window.addEventListener('message', (e) => {
    t.step(()=>{assert_equals(e.data, "FAIL")});
    t.done();
  });

  var popup_window = window.open("/common/blank.html", "popup");
  assert_not_equals(popup_window, null, "Popup windows not allowed?");

  form.submit();
}, "Critical-CH w/ multiple headers and unsafe method")