<html> | |
<head><title>Page that runs insecure content in an iframe with strict blocking</title></head> | |
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> | |
<body> | |
This page contains an iframe which loads contents over an http connection, | |
which would cause insecure content when this page is loaded over https, but | |
mixed content is strictly blocked with CSP.<br> | |
<iframe src="https://REPLACE_WITH_HOST_AND_PORT/ssl/iframe_with_insecure_content.html"/> | |
</body> | |
</html> |