The Tor Browser / file comparison
comparison: content/base/test/file_CrossSiteXHR_server.sjs
content/base/test/file_CrossSiteXHR_server.sjs
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:f8a852692caf |
|---|---|
| 1 const CC = Components.Constructor; | |
| 2 const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1", | |
| 3 "nsIBinaryInputStream", | |
| 4 "setInputStream"); | |
| 5 | |
| 6 function handleRequest(request, response) | |
| 7 { | |
| 8 var query = {}; | |
| 9 request.queryString.split('&').forEach(function (val) { | |
| 10 var [name, value] = val.split('='); | |
| 11 query[name] = unescape(value); | |
| 12 }); | |
| 13 | |
| 14 var isPreflight = request.method == "OPTIONS"; | |
| 15 | |
| 16 var bodyStream = new BinaryInputStream(request.bodyInputStream); | |
| 17 var bodyBytes = []; | |
| 18 while ((bodyAvail = bodyStream.available()) > 0) | |
| 19 Array.prototype.push.apply(bodyBytes, bodyStream.readByteArray(bodyAvail)); | |
| 20 | |
| 21 var body = decodeURIComponent( | |
| 22 escape(String.fromCharCode.apply(null, bodyBytes))); | |
| 23 | |
| 24 // Check that request was correct | |
| 25 | |
| 26 if (!isPreflight && query.body && body != query.body) { | |
| 27 sendHttp500(response, "Wrong body. Expected " + query.body + " got " + | |
| 28 body); | |
| 29 return; | |
| 30 } | |
| 31 | |
| 32 if (!isPreflight && "headers" in query) { | |
| 33 headers = eval(query.headers); | |
| 34 for(headerName in headers) { | |
| 35 // Content-Type is changed if there was a body | |
| 36 if (!(headerName == "Content-Type" && body) && | |
| 37 request.getHeader(headerName) != headers[headerName]) { | |
| 38 sendHttp500(response, | |
| 39 "Header " + headerName + " had wrong value. Expected " + | |
| 40 headers[headerName] + " got " + request.getHeader(headerName)); | |
| 41 return; | |
| 42 } | |
| 43 } | |
| 44 } | |
| 45 | |
| 46 if (isPreflight && "requestHeaders" in query && | |
| 47 request.getHeader("Access-Control-Request-Headers") != query.requestHeaders) { | |
| 48 sendHttp500(response, | |
| 49 "Access-Control-Request-Headers had wrong value. Expected " + | |
| 50 query.requestHeaders + " got " + | |
| 51 request.getHeader("Access-Control-Request-Headers")); | |
| 52 return; | |
| 53 } | |
| 54 | |
| 55 if (isPreflight && "requestMethod" in query && | |
| 56 request.getHeader("Access-Control-Request-Method") != query.requestMethod) { | |
| 57 sendHttp500(response, | |
| 58 "Access-Control-Request-Method had wrong value. Expected " + | |
| 59 query.requestMethod + " got " + | |
| 60 request.getHeader("Access-Control-Request-Method")); | |
| 61 return; | |
| 62 } | |
| 63 | |
| 64 if ("origin" in query && request.getHeader("Origin") != query.origin) { | |
| 65 sendHttp500(response, | |
| 66 "Origin had wrong value. Expected " + query.origin + " got " + | |
| 67 request.getHeader("Origin")); | |
| 68 return; | |
| 69 } | |
| 70 | |
| 71 if ("cookie" in query) { | |
| 72 cookies = {}; | |
| 73 request.getHeader("Cookie").split(/ *; */).forEach(function (val) { | |
| 74 var [name, value] = val.split('='); | |
| 75 cookies[name] = unescape(value); | |
| 76 }); | |
| 77 | |
| 78 query.cookie.split(",").forEach(function (val) { | |
| 79 var [name, value] = val.split('='); | |
| 80 if (cookies[name] != value) { | |
| 81 sendHttp500(response, | |
| 82 "Cookie " + name + " had wrong value. Expected " + value + | |
| 83 " got " + cookies[name]); | |
| 84 return; | |
| 85 } | |
| 86 }); | |
| 87 } | |
| 88 | |
| 89 if ("noCookie" in query && request.hasHeader("Cookie")) { | |
| 90 sendHttp500(response, | |
| 91 "Got cookies when didn't expect to: " + request.getHeader("Cookie")); | |
| 92 return; | |
| 93 } | |
| 94 | |
| 95 // Send response | |
| 96 | |
| 97 if (query.hop) { | |
| 98 query.hop = parseInt(query.hop, 10); | |
| 99 hops = eval(query.hops); | |
| 100 query.allowOrigin = hops[query.hop-1].allowOrigin; | |
| 101 query.allowHeaders = hops[query.hop-1].allowHeaders; | |
| 102 } | |
| 103 | |
| 104 if (!isPreflight && query.status) { | |
| 105 response.setStatusLine(null, query.status, query.statusMessage); | |
| 106 } | |
| 107 if (isPreflight && query.preflightStatus) { | |
| 108 response.setStatusLine(null, query.preflightStatus, "preflight status"); | |
| 109 } | |
| 110 | |
| 111 if (query.allowOrigin && (!isPreflight || !query.noAllowPreflight)) | |
| 112 response.setHeader("Access-Control-Allow-Origin", query.allowOrigin); | |
| 113 | |
| 114 if (query.allowCred) | |
| 115 response.setHeader("Access-Control-Allow-Credentials", "true"); | |
| 116 | |
| 117 if (query.setCookie) | |
| 118 response.setHeader("Set-Cookie", query.setCookie + "; path=/"); | |
| 119 | |
| 120 if (isPreflight) { | |
| 121 if (query.allowHeaders) | |
| 122 response.setHeader("Access-Control-Allow-Headers", query.allowHeaders); | |
| 123 | |
| 124 if (query.allowMethods) | |
| 125 response.setHeader("Access-Control-Allow-Methods", query.allowMethods); | |
| 126 } | |
| 127 else { | |
| 128 if (query.responseHeaders) { | |
| 129 let responseHeaders = eval(query.responseHeaders); | |
| 130 for (let responseHeader in responseHeaders) { | |
| 131 response.setHeader(responseHeader, responseHeaders[responseHeader]); | |
| 132 } | |
| 133 } | |
| 134 | |
| 135 if (query.exposeHeaders) | |
| 136 response.setHeader("Access-Control-Expose-Headers", query.exposeHeaders); | |
| 137 } | |
| 138 | |
| 139 if (query.hop && query.hop < hops.length) { | |
| 140 newURL = hops[query.hop].server + | |
| 141 "/tests/content/base/test/file_CrossSiteXHR_server.sjs?" + | |
| 142 "hop=" + (query.hop + 1) + "&hops=" + query.hops; | |
| 143 response.setStatusLine(null, 307, "redirect"); | |
| 144 response.setHeader("Location", newURL); | |
| 145 | |
| 146 return; | |
| 147 } | |
| 148 | |
| 149 // Send response body | |
| 150 if (!isPreflight && request.method != "HEAD") { | |
| 151 response.setHeader("Content-Type", "application/xml", false); | |
| 152 response.write("<res>hello pass</res>\n"); | |
| 153 } | |
| 154 if (isPreflight && "preflightBody" in query) { | |
| 155 response.setHeader("Content-Type", "text/plain", false); | |
| 156 response.write(query.preflightBody); | |
| 157 } | |
| 158 } | |
| 159 | |
| 160 function sendHttp500(response, text) { | |
| 161 response.setStatusLine(null, 500, text); | |
| 162 } |
