content/base/test/csp/file_CSP_frameancestors.sjs@6474c204b198 (annotated)
content/base/test/csp/file_CSP_frameancestors.sjs
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // SJS file for CSP frame ancestor mochitests |
| michael@0 | 2 | function handleRequest(request, response) |
| michael@0 | 3 | { |
| michael@0 | 4 | var query = {}; |
| michael@0 | 5 | request.queryString.split('&').forEach(function (val) { |
| michael@0 | 6 | var [name, value] = val.split('='); |
| michael@0 | 7 | query[name] = unescape(value); |
| michael@0 | 8 | }); |
| michael@0 | 9 | |
| michael@0 | 10 | var isPreflight = request.method == "OPTIONS"; |
| michael@0 | 11 | |
| michael@0 | 12 | |
| michael@0 | 13 | //avoid confusing cache behaviors |
| michael@0 | 14 | response.setHeader("Cache-Control", "no-cache", false); |
| michael@0 | 15 | |
| michael@0 | 16 | // grab the desired policy from the query, and then serve a page |
| michael@0 | 17 | if (query['csp']) |
| michael@0 | 18 | response.setHeader("X-Content-Security-Policy", |
| michael@0 | 19 | unescape(query['csp']), |
| michael@0 | 20 | false); |
| michael@0 | 21 | if (query['scriptedreport']) { |
| michael@0 | 22 | // spit back a script that records that the page loaded |
| michael@0 | 23 | response.setHeader("Content-Type", "text/javascript", false); |
| michael@0 | 24 | if (query['double']) |
| michael@0 | 25 | response.write('window.parent.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");'); |
| michael@0 | 26 | else |
| michael@0 | 27 | response.write('window.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");'); |
| michael@0 | 28 | } else if (query['internalframe']) { |
| michael@0 | 29 | // spit back an internal iframe (one that might be blocked) |
| michael@0 | 30 | response.setHeader("Content-Type", "text/html", false); |
| michael@0 | 31 | response.write('<html><head>'); |
| michael@0 | 32 | if (query['double']) |
| michael@0 | 33 | response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>'); |
| michael@0 | 34 | else |
| michael@0 | 35 | response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>'); |
| michael@0 | 36 | response.write('</head><body>'); |
| michael@0 | 37 | response.write(unescape(query['internalframe'])); |
| michael@0 | 38 | response.write('</body></html>'); |
| michael@0 | 39 | } else if (query['externalframe']) { |
| michael@0 | 40 | // spit back an internal iframe (one that won't be blocked, and probably |
| michael@0 | 41 | // has no CSP) |
| michael@0 | 42 | response.setHeader("Content-Type", "text/html", false); |
| michael@0 | 43 | response.write('<html><head>'); |
| michael@0 | 44 | response.write('</head><body>'); |
| michael@0 | 45 | response.write(unescape(query['externalframe'])); |
| michael@0 | 46 | response.write('</body></html>'); |
| michael@0 | 47 | } else { |
| michael@0 | 48 | // default case: error. |
| michael@0 | 49 | response.setHeader("Content-Type", "text/html", false); |
| michael@0 | 50 | response.write('<html><body>'); |
| michael@0 | 51 | response.write("ERROR: not sure what to serve."); |
| michael@0 | 52 | response.write('</body></html>'); |
| michael@0 | 53 | } |
| michael@0 | 54 | } |
