PlzNavigate: Enforce 'form-action' CSP on the browser-side.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html
new file mode 100644
index 0000000000000000000000000000000000000000..a37df22d1e9bd8a6c1281b48bf356f650ce06fe0
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-inline'">
+<script>
+  if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.clearBackForwardList();
+    testRunner.dumpBackForwardList();
+  }
+  window.addEventListener('load', function() {
+    setTimeout(function() {
+      document.getElementById('submit').click();
+    }, 0);
+  });
+</script>
+</head>
+<body>
+  <form
+    action="/resources/redirection-response.php?status=302&target=/navigation/resources/form-target.pl"
+    id='theform'
+    method='post'>
+    <input type='text' name='fieldname' value='fieldvalue'>
+    <input type='submit' id='submit' value='submit'>
+  </form>
+
+  <p>
+    Tests that 'form-action' doesn't fallback on 'default-src', even when
+    there is a redirect. If this test passes, you will see a page indicating
+    a form was POSTed.
+  </p>
+</body>
+</html>