The Tor Browser / file comparison
comparison: content/base/test/csp/file_CSP_frameancestors.sjs
content/base/test/csp/file_CSP_frameancestors.sjs
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:9e601d9c0a73 |
|---|---|
| 1 // SJS file for CSP frame ancestor mochitests | |
| 2 function handleRequest(request, response) | |
| 3 { | |
| 4 var query = {}; | |
| 5 request.queryString.split('&').forEach(function (val) { | |
| 6 var [name, value] = val.split('='); | |
| 7 query[name] = unescape(value); | |
| 8 }); | |
| 9 | |
| 10 var isPreflight = request.method == "OPTIONS"; | |
| 11 | |
| 12 | |
| 13 //avoid confusing cache behaviors | |
| 14 response.setHeader("Cache-Control", "no-cache", false); | |
| 15 | |
| 16 // grab the desired policy from the query, and then serve a page | |
| 17 if (query['csp']) | |
| 18 response.setHeader("X-Content-Security-Policy", | |
| 19 unescape(query['csp']), | |
| 20 false); | |
| 21 if (query['scriptedreport']) { | |
| 22 // spit back a script that records that the page loaded | |
| 23 response.setHeader("Content-Type", "text/javascript", false); | |
| 24 if (query['double']) | |
| 25 response.write('window.parent.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");'); | |
| 26 else | |
| 27 response.write('window.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");'); | |
| 28 } else if (query['internalframe']) { | |
| 29 // spit back an internal iframe (one that might be blocked) | |
| 30 response.setHeader("Content-Type", "text/html", false); | |
| 31 response.write('<html><head>'); | |
| 32 if (query['double']) | |
| 33 response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>'); | |
| 34 else | |
| 35 response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>'); | |
| 36 response.write('</head><body>'); | |
| 37 response.write(unescape(query['internalframe'])); | |
| 38 response.write('</body></html>'); | |
| 39 } else if (query['externalframe']) { | |
| 40 // spit back an internal iframe (one that won't be blocked, and probably | |
| 41 // has no CSP) | |
| 42 response.setHeader("Content-Type", "text/html", false); | |
| 43 response.write('<html><head>'); | |
| 44 response.write('</head><body>'); | |
| 45 response.write(unescape(query['externalframe'])); | |
| 46 response.write('</body></html>'); | |
| 47 } else { | |
| 48 // default case: error. | |
| 49 response.setHeader("Content-Type", "text/html", false); | |
| 50 response.write('<html><body>'); | |
| 51 response.write("ERROR: not sure what to serve."); | |
| 52 response.write('</body></html>'); | |
| 53 } | |
| 54 } |
