michael@0: // SJS file for CSP violation report test
michael@0: // https://bugzilla.mozilla.org/show_bug.cgi?id=548193
michael@0: function handleRequest(request, response)
michael@0: {
michael@0:   var query = {};
michael@0:   request.queryString.split('&').forEach(function (val) {
michael@0:     var [name, value] = val.split('=');
michael@0:     query[name] = unescape(value);
michael@0:   });
michael@0: 
michael@0:   response.setHeader("Content-Type", "text/html", false);
michael@0: 
michael@0:   // avoid confusing cache behaviors
michael@0:   response.setHeader("Cache-Control", "no-cache", false);
michael@0: 
michael@0:   // set CSP header
michael@0:   response.setHeader("X-Content-Security-Policy",
michael@0:                      "allow 'self'; report-uri http://mochi.test:8888/csp-report.cgi",
michael@0:                      false);
michael@0: 
michael@0:   // content which will trigger a violation report
michael@0:   response.write('<html><body>');
michael@0:   response.write('<img src="http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>');
michael@0:   response.write('</body></html>');
michael@0: }