content/base/test/file_CrossSiteXHR_server.sjs

Thu, 15 Jan 2015 21:03:48 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 15 Jan 2015 21:03:48 +0100
branch
TOR_BUG_9701
changeset 11
deefc01c0e14
permissions
-rw-r--r--

Integrate friendly tips from Tor colleagues to make (or not) 4.5 alpha 3;
This includes removal of overloaded (but unused) methods, and addition of
an overlooked call to DataStruct::SetData(nsISupports, uint32_t, bool).

// Shorthand for the XPCOM constructor factory.
const CC = Components.Constructor;

// Constructor for nsIBinaryInputStream instances. The third argument names the
// initializer ("setInputStream") that receives the constructor's arguments, so
// `new BinaryInputStream(stream)` yields a reader already bound to `stream`.
const BinaryInputStream = CC(
  "@mozilla.org/binaryinputstream;1",
  "nsIBinaryInputStream",
  "setInputStream"
);
michael@0 5
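/**
 * Test-server handler for the cross-site XHR tests.
 *
 * The query string drives both halves of the exchange: some parameters state
 * what the incoming request must look like (body, headers, requestHeaders,
 * requestMethod, origin, cookie, noCookie), and the rest state what to send
 * back (status, preflightStatus, allowOrigin, allowCred, setCookie,
 * allowHeaders, allowMethods, responseHeaders, exposeHeaders, hop/hops,
 * preflightBody). A failed expectation is reported through sendHttp500() and
 * ends the request.
 *
 * SECURITY: every response header, the redirect target and three eval() calls
 * are controlled by the query string. That is the point of a test fixture, but
 * it also means this handler is an open header-injection / code-evaluation
 * endpoint for anyone who can reach it. Keep it on the test harness's local
 * server only.
 *
 * @param request  Incoming request; this code uses queryString, method,
 *                 bodyInputStream, getHeader() and hasHeader().
 * @param response Outgoing response; this code uses setStatusLine(),
 *                 setHeader() and write().
 */
function handleRequest(request, response)
{
  // "a=b&c=d" -> { a: "b", c: "d" }. Only the value is unescape()d; a value
  // with a raw "=" in it is cut at that "=" by the destructuring below.
  let query = {};
  request.queryString.split('&').forEach(function (val) {
    let [name, value] = val.split('=');
    query[name] = unescape(value);
  });

  let isPreflight = request.method == "OPTIONS";

  // Drain the request body. bodyAvail is declared here; the original assigned
  // it (and headers, cookies, hops, newURL) without a declaration, creating
  // implicit globals.
  let bodyStream = new BinaryInputStream(request.bodyInputStream);
  let bodyBytes = [];
  let bodyAvail;
  while ((bodyAvail = bodyStream.available()) > 0)
    Array.prototype.push.apply(bodyBytes, bodyStream.readByteArray(bodyAvail));

  // bytes -> one-char-per-byte string -> %XX escapes -> UTF-8 decoded text.
  let body = decodeURIComponent(
    escape(String.fromCharCode.apply(null, bodyBytes)));

  // Check that request was correct

  if (!isPreflight && query.body && body != query.body) {
    sendHttp500(response, "Wrong body. Expected " + query.body + " got " +
                body);
    return;
  }

  if (!isPreflight && "headers" in query) {
    // NOTE(security): eval() of a query-string value. Tolerable only because
    // this file runs inside the test server. The callers presumably send
    // object-literal source rather than strict JSON; confirm that before
    // replacing this with JSON.parse.
    let headers = eval(query.headers);
    for (let headerName in headers) {
      // Content-Type is changed if there was a body.
      // Loose != is kept: the evaluated literal may hold non-string values.
      if (!(headerName == "Content-Type" && body) &&
          request.getHeader(headerName) != headers[headerName]) {
        sendHttp500(response,
                    "Header " + headerName + " had wrong value. Expected " +
                    headers[headerName] + " got " +
                    request.getHeader(headerName));
        return;
      }
    }
  }

  if (isPreflight && "requestHeaders" in query &&
      request.getHeader("Access-Control-Request-Headers") != query.requestHeaders) {
    sendHttp500(response,
                "Access-Control-Request-Headers had wrong value. Expected " +
                query.requestHeaders + " got " +
                request.getHeader("Access-Control-Request-Headers"));
    return;
  }

  if (isPreflight && "requestMethod" in query &&
      request.getHeader("Access-Control-Request-Method") != query.requestMethod) {
    sendHttp500(response,
                "Access-Control-Request-Method had wrong value. Expected " +
                query.requestMethod + " got " +
                request.getHeader("Access-Control-Request-Method"));
    return;
  }

  if ("origin" in query && request.getHeader("Origin") != query.origin) {
    sendHttp500(response,
                "Origin had wrong value. Expected " + query.origin + " got " +
                request.getHeader("Origin"));
    return;
  }

  if ("cookie" in query) {
    let cookies = {};
    request.getHeader("Cookie").split(/ *; */).forEach(function (val) {
      let [name, value] = val.split('=');
      cookies[name] = unescape(value);
    });

    // A plain loop, not forEach: the original's `return` sat inside the
    // forEach callback, so a cookie mismatch did not stop the handler and the
    // 500 status could be overwritten by the success path further down.
    let expectedCookies = query.cookie.split(",");
    for (let i = 0; i < expectedCookies.length; i++) {
      let [name, value] = expectedCookies[i].split('=');
      if (cookies[name] != value) {
        sendHttp500(response,
                    "Cookie " + name + " had wrong value. Expected " + value +
                    " got " + cookies[name]);
        return;
      }
    }
  }

  if ("noCookie" in query && request.hasHeader("Cookie")) {
    sendHttp500(response,
                "Got cookies when didn't expect to: " + request.getHeader("Cookie"));
    return;
  }

  // Send response

  // Declared at function scope because the redirect check below reads it.
  let hops;
  if (query.hop) {
    query.hop = parseInt(query.hop, 10);
    // NOTE(security): eval() of a query-string value, see the note on
    // query.headers above.
    hops = eval(query.hops);
    // hop is 1-based: the entry for the current hop supplies the CORS headers.
    query.allowOrigin = hops[query.hop-1].allowOrigin;
    query.allowHeaders = hops[query.hop-1].allowHeaders;
  }

  if (!isPreflight && query.status) {
    response.setStatusLine(null, query.status, query.statusMessage);
  }
  if (isPreflight && query.preflightStatus) {
    response.setStatusLine(null, query.preflightStatus, "preflight status");
  }

  if (query.allowOrigin && (!isPreflight || !query.noAllowPreflight))
    response.setHeader("Access-Control-Allow-Origin", query.allowOrigin);

  if (query.allowCred)
    response.setHeader("Access-Control-Allow-Credentials", "true");

  if (query.setCookie)
    response.setHeader("Set-Cookie", query.setCookie + "; path=/");

  if (isPreflight) {
    if (query.allowHeaders)
      response.setHeader("Access-Control-Allow-Headers", query.allowHeaders);

    if (query.allowMethods)
      response.setHeader("Access-Control-Allow-Methods", query.allowMethods);
  }
  else {
    if (query.responseHeaders) {
      // NOTE(security): eval() of a query-string value, and every key/value of
      // the result becomes a response header.
      let responseHeaders = eval(query.responseHeaders);
      for (let responseHeader in responseHeaders) {
        response.setHeader(responseHeader, responseHeaders[responseHeader]);
      }
    }

    if (query.exposeHeaders)
      response.setHeader("Access-Control-Expose-Headers", query.exposeHeaders);
  }

  // More hops left: redirect to the next server in the chain, passing the
  // hop list along unchanged.
  if (query.hop && query.hop < hops.length) {
    let newURL = hops[query.hop].server +
                 "/tests/content/base/test/file_CrossSiteXHR_server.sjs?" +
                 "hop=" + (query.hop + 1) + "&hops=" + query.hops;
    response.setStatusLine(null, 307, "redirect");
    response.setHeader("Location", newURL);

    return;
  }

  // Send response body
  if (!isPreflight && request.method != "HEAD") {
    response.setHeader("Content-Type", "application/xml", false);
    response.write("<res>hello pass</res>\n");
  }
  if (isPreflight && "preflightBody" in query) {
    response.setHeader("Content-Type", "text/plain", false);
    response.write(query.preflightBody);
  }
}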
michael@0 159
/**
 * Report a failed expectation to the client as an HTTP 500.
 *
 * The diagnostic travels in the status line's reason phrase, not in the body.
 * Callers build `text` from request-derived values (query parameters, header
 * values), so the reason phrase echoes client input back.
 *
 * @param response Response object exposing setStatusLine().
 * @param text     Message to use as the reason phrase.
 */
function sendHttp500(response, text) {
  const statusCode = 500;
  const httpVersion = null;
  response.setStatusLine(httpVersion, statusCode, text);
}
