mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-01 06:35:42 +00:00
ff5a390d15
CLOSED TREE --HG-- rename : content/base/test/csp/file_csp_report.sjs => content/base/test/file_bug548193.sjs rename : content/base/test/csp/file_policyuri_async_fetch.html => content/base/test/file_bug558431.html rename : content/base/test/csp/file_policyuri_async_fetch.html^headers^ => content/base/test/file_bug558431.html^headers^ rename : content/base/test/csp/file_redirect_content.sjs => content/base/test/file_bug650386_content.sjs rename : content/base/test/csp/file_redirect_report.sjs => content/base/test/file_bug650386_report.sjs rename : content/base/test/csp/file_subframe_run_js_if_allowed.html => content/base/test/file_bug702439.html rename : content/base/test/csp/file_multi_policy_injection_bypass.html => content/base/test/file_bug717511.html rename : content/base/test/csp/file_multi_policy_injection_bypass.html^headers^ => content/base/test/file_bug717511.html^headers^ rename : content/base/test/csp/file_multi_policy_injection_bypass_2.html => content/base/test/file_bug717511_2.html rename : content/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^ => content/base/test/file_bug717511_2.html^headers^ rename : content/base/test/csp/test_csp_report.html => content/base/test/test_bug548193.html rename : content/base/test/csp/test_policyuri_async_fetch.html => content/base/test/test_bug558431.html rename : content/base/test/csp/test_301_redirect.html => content/base/test/test_bug650386_redirect_301.html rename : content/base/test/csp/test_302_redirect.html => content/base/test/test_bug650386_redirect_302.html rename : content/base/test/csp/test_303_redirect.html => content/base/test/test_bug650386_redirect_303.html rename : content/base/test/csp/test_307_redirect.html => content/base/test/test_bug650386_redirect_307.html rename : content/base/test/csp/test_subframe_run_js_if_allowed.html => content/base/test/test_bug702439.html rename : content/base/test/csp/file_subframe_run_js_if_allowed.html^headers^ => content/base/test/test_bug702439.html^headers^ rename : content/base/test/csp/test_multi_policy_injection_bypass.html => content/base/test/test_bug717511.html
38 lines
1.5 KiB
JavaScript
38 lines
1.5 KiB
JavaScript
// SJS file for tests for bug650386, serves file_bug650386_content.html
|
|
// with a CSP that will trigger a violation and that will report it
|
|
// to file_bug650386_report.sjs
|
|
//
|
|
// This handles 301, 302, 303 and 307 redirects. The HTTP status code
|
|
// returned/type of redirect to do comes from the query string
|
|
// parameter passed in from the test_bug650386_* files and then also
|
|
// uses that value in the report-uri parameter of the CSP
|
|
function handleRequest(request, response) {
|
|
response.setHeader("Cache-Control", "no-cache", false);
|
|
|
|
// this gets used in the CSP as part of the report URI.
|
|
var redirect = request.queryString;
|
|
|
|
if (redirect < 301 || (redirect > 303 && redirect <= 306) || redirect > 307) {
|
|
// if we somehow got some bogus redirect code here,
|
|
// do a 302 redirect to the same URL as the report URI
|
|
// redirects to - this will fail the test.
|
|
var loc = "http://example.com/some/fake/path";
|
|
response.setStatusLine("1.1", 302, "Found");
|
|
response.setHeader("Location", loc, false);
|
|
return;
|
|
}
|
|
|
|
var csp = "default-src \'self\';report-uri http://mochi.test:8888/tests/content/base/test/file_bug650386_report.sjs?" + redirect;
|
|
|
|
response.setHeader("X-Content-Security-Policy", csp, false);
|
|
|
|
// the actual file content.
|
|
// this image load will (intentionally) fail due to the CSP policy of default-src: 'self'
|
|
// specified by the CSP string above.
|
|
var content = "<!DOCTYPE HTML><html><body><img src = \"http://some.other.domain.example.com\"></body></html>";
|
|
|
|
response.write(content);
|
|
|
|
return;
|
|
}
|