1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/file_csp_report.sjs Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,25 @@
1.4 +// SJS file for CSP violation report test
1.5 +// https://bugzilla.mozilla.org/show_bug.cgi?id=548193
1.6 +function handleRequest(request, response)
1.7 +{
1.8 + var query = {};
1.9 + request.queryString.split('&').forEach(function (val) {
1.10 + var [name, value] = val.split('=');
1.11 + query[name] = unescape(value);
1.12 + });
1.13 +
1.14 + response.setHeader("Content-Type", "text/html", false);
1.15 +
1.16 + // avoid confusing cache behaviors
1.17 + response.setHeader("Cache-Control", "no-cache", false);
1.18 +
1.19 + // set CSP header
1.20 + response.setHeader("X-Content-Security-Policy",
1.21 + "allow 'self'; report-uri http://mochi.test:8888/csp-report.cgi",
1.22 + false);
1.23 +
1.24 + // content which will trigger a violation report
1.25 + response.write('<html><body>');
1.26 + response.write('<img src="http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>');
1.27 + response.write('</body></html>');
1.28 +}
