michael@0: // SJS file for CSP frame ancestor mochitests
michael@0: function handleRequest(request, response)
michael@0: {
michael@0:   var query = {};
michael@0:   request.queryString.split('&').forEach(function (val) {
michael@0:     var [name, value] = val.split('=');
michael@0:     query[name] = unescape(value);
michael@0:   });
michael@0: 
michael@0:   var isPreflight = request.method == "OPTIONS";
michael@0: 
michael@0: 
michael@0:   //avoid confusing cache behaviors
michael@0:   response.setHeader("Cache-Control", "no-cache", false);
michael@0: 
michael@0:   // grab the desired policy from the query, and then serve a page
michael@0:   if (query['csp'])
michael@0:     response.setHeader("Content-Security-Policy",
michael@0:                         unescape(query['csp']),
michael@0:                         false);
michael@0:   if (query['scriptedreport']) {
michael@0:     // spit back a script that records that the page loaded
michael@0:     response.setHeader("Content-Type", "text/javascript", false);
michael@0:     if (query['double'])
michael@0:       response.write('window.parent.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");');
michael@0:     else
michael@0:       response.write('window.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");');
michael@0:   } else if (query['internalframe']) {
michael@0:     // spit back an internal iframe (one that might be blocked)
michael@0:     response.setHeader("Content-Type", "text/html", false);
michael@0:     response.write('<html><head>');
michael@0:     if (query['double'])
michael@0:       response.write('<script src="file_CSP_frameancestors_spec_compliant.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
michael@0:     else
michael@0:       response.write('<script src="file_CSP_frameancestors_spec_compliant.sjs?scriptedreport=' + query['testid'] + '"></script>');
michael@0:     response.write('</head><body>');
michael@0:     response.write(unescape(query['internalframe']));
michael@0:     response.write('</body></html>');
michael@0:   } else if (query['externalframe']) {
michael@0:     // spit back an internal iframe (one that won't be blocked, and probably
michael@0:     // has no CSP)
michael@0:     response.setHeader("Content-Type", "text/html", false);
michael@0:     response.write('<html><head>');
michael@0:     response.write('</head><body>');
michael@0:     response.write(unescape(query['externalframe']));
michael@0:     response.write('</body></html>');
michael@0:   } else {
michael@0:     // default case: error.
michael@0:     response.setHeader("Content-Type", "text/html", false);
michael@0:     response.write('<html><body>');
michael@0:     response.write("ERROR: not sure what to serve.");
michael@0:     response.write('</body></html>');
michael@0:   }
michael@0: }