Source code
Revision control
Copy as Markdown
Other Tools
<html>
<head>
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title>
<script>
function iframe_onload() {
var iframe = document.getElementsByTagName("iframe")[0];
iframe.onload = null;
// Enable upgrade-insecure-requests dynamically.
var meta = document.createElement('meta');
meta.httpEquiv = "Content-Security-Policy";
meta.content = "upgrade-insecure-requests";
document.getElementsByTagName('head')[0].appendChild(meta);
// This is a bit of a hack. UPGRADE doesn't upgrade the port number,
// so we specify this non-existent URL ('http' over port https port). If
// UPGRADE doesn't work, it won't load. The expected behavior is that
// the url is upgraded and the page loads.
iframe.src =
}
</script>
</head>
<body>
<iframe
sandbox = "allow-scripts allow-top-navigation"
src = "./resources/dummy.html"
onload = "iframe_onload()"
></iframe>
</body>
</html>