content/base/test/csp/file_csp_report.sjs@b8a032363ba2 (annotated)
content/base/test/csp/file_csp_report.sjs
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | // SJS file for CSP violation report test |
| michael@0 | 2 | // https://bugzilla.mozilla.org/show_bug.cgi?id=548193 |
| michael@0 | 3 | function handleRequest(request, response) |
| michael@0 | 4 | { |
| michael@0 | 5 | var query = {}; |
| michael@0 | 6 | request.queryString.split('&').forEach(function (val) { |
| michael@0 | 7 | var [name, value] = val.split('='); |
| michael@0 | 8 | query[name] = unescape(value); |
| michael@0 | 9 | }); |
| michael@0 | 10 | |
| michael@0 | 11 | response.setHeader("Content-Type", "text/html", false); |
| michael@0 | 12 | |
| michael@0 | 13 | // avoid confusing cache behaviors |
| michael@0 | 14 | response.setHeader("Cache-Control", "no-cache", false); |
| michael@0 | 15 | |
| michael@0 | 16 | // set CSP header |
| michael@0 | 17 | response.setHeader("X-Content-Security-Policy", |
| michael@0 | 18 | "allow 'self'; report-uri http://mochi.test:8888/csp-report.cgi", |
| michael@0 | 19 | false); |
| michael@0 | 20 | |
| michael@0 | 21 | // content which will trigger a violation report |
| michael@0 | 22 | response.write('<html><body>'); |
| michael@0 | 23 | response.write('<img src="http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>'); |
| michael@0 | 24 | response.write('</body></html>'); |
| michael@0 | 25 | } |
