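--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/test/csp/file_CSP_frameancestors.sjs Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,54 @@
+// SJS file for CSP frame ancestor mochitests
+function handleRequest(request, response)
+{
+ var query = {};
+ request.queryString.split('&').forEach(function (val) {
+ var [name, value] = val.split('=');
+ query[name] = unescape(value);
+ });
+
+ var isPreflight = request.method == "OPTIONS";
+
+
+ //avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // grab the desired policy from the query, and then serve a page
+ if (query['csp'])
+ response.setHeader("X-Content-Security-Policy",
+ unescape(query['csp']),
+ false);
+ if (query['scriptedreport']) {
+ // spit back a script that records that the page loaded
+ response.setHeader("Content-Type", "text/javascript", false);
+ if (query['double'])
+ response.write('window.parent.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");');
+ else
+ response.write('window.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");');
+ } else if (query['internalframe']) {
+ // spit back an internal iframe (one that might be blocked)
+ response.setHeader("Content-Type", "text/html", false);
+ response.write('<html><head>');
+ if (query['double'])
+ response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
+ else
+ response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
+ response.write('</head><body>');
+ response.write(unescape(query['internalframe']));
+ response.write('</body></html>');
+ } else if (query['externalframe']) {
+ // spit back an internal iframe (one that won't be blocked, and probably
+ // has no CSP)
+ response.setHeader("Content-Type", "text/html", false);
+ response.write('<html><head>');
+ response.write('</head><body>');
+ response.write(unescape(query['externalframe']));
+ response.write('</body></html>');
+ } else {
+ // default case: error.
+ response.setHeader("Content-Type", "text/html", false);
+ response.write('<html><body>');
+ response.write("ERROR: not sure what to serve.");
+ response.write('</body></html>');
+ }
+}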
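Review bot: Query values are percent-decoded twice: the parsing loop already stores `unescape(value)`, and the `csp`, `internalframe` and `externalframe` branches call `unescape(query[...])` again, so a value that still contains a `%XX` sequence after the first pass is altered before it reaches the header or the body. Decoding once in the loop, e.g. `query[name] = decodeURIComponent(value);`, and passing `query['csp']` and the two frame bodies through unchanged would make the served policy match what the test requested. `query['scriptedreport']` and `query['testid']` are concatenated directly into a script string literal and a `src` attribute, so a test id containing a quote or `&` would break the generated page; emitting the former via `JSON.stringify(...)` and the latter via `encodeURIComponent(...)` avoids that. Since the handler echoes request data into a response header and markup by design, a header comment such as `// Test-only: reflects query parameters unsanitised; must only be served by the mochitest server.` would state that constraint for later readers. `isPreflight` is assigned but never read in the visible code, and `uri: "window.location.toString()"` posts the literal text rather than the frame's URL, which looks unintended.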