content/base/test/csp/file_csp_report.sjs@6474c204b198 (annotated)
content/base/test/csp/file_csp_report.sjs
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // SJS file for CSP violation report test |
| michael@0 | 2 | // https://bugzilla.mozilla.org/show_bug.cgi?id=548193 |
| michael@0 | 3 | function handleRequest(request, response) |
| michael@0 | 4 | { |
| michael@0 | 5 | var query = {}; |
| michael@0 | 6 | request.queryString.split('&').forEach(function (val) { |
| michael@0 | 7 | var [name, value] = val.split('='); |
| michael@0 | 8 | query[name] = unescape(value); |
| michael@0 | 9 | }); |
| michael@0 | 10 | |
| michael@0 | 11 | response.setHeader("Content-Type", "text/html", false); |
| michael@0 | 12 | |
| michael@0 | 13 | // avoid confusing cache behaviors |
| michael@0 | 14 | response.setHeader("Cache-Control", "no-cache", false); |
| michael@0 | 15 | |
| michael@0 | 16 | // set CSP header |
| michael@0 | 17 | response.setHeader("X-Content-Security-Policy", |
| michael@0 | 18 | "allow 'self'; report-uri http://mochi.test:8888/csp-report.cgi", |
| michael@0 | 19 | false); |
| michael@0 | 20 | |
| michael@0 | 21 | // content which will trigger a violation report |
| michael@0 | 22 | response.write('<html><body>'); |
| michael@0 | 23 | response.write('<img src="http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>'); |
| michael@0 | 24 | response.write('</body></html>'); |
| michael@0 | 25 | } |
