Add m-esr52 at 52.6.0

author: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
committer: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
commit: 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree: 10027f336435511475e392454359edea8e25895d /dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs
parent: 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download: UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
1 files changed, 56 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs b/dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs
new file mode 100644
index 000000000..be1e6da0c
--- /dev/null
+++ b/dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs
@@ -0,0 +1,56 @@
+// Custom *.sjs file specifically for the needs of Bug:
+// Bug 1139297 - Implement CSP upgrade-insecure-requests directive
+
+// small red image
+const IMG_BYTES = atob(
+  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+  "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+function handleRequest(request, response)
+{
+  // avoid confusing cache behaviors
+  response.setHeader("Cache-Control", "no-cache", false);
+  var queryString = request.queryString;
+
+  // (1) lets process the queryresult request async and
+  // wait till we have received the image request.
+  if (queryString == "queryresult") {
+    response.processAsync();
+    setObjectState("queryResult", response);
+    return;
+  }
+
+  // (2) Handle the image request and return the referrer
+  // result back to the stored queryresult request.
+  if (request.queryString == "img") {
+    response.setHeader("Content-Type", "image/png");
+    response.write(IMG_BYTES);
+
+    let referrer = "";
+    try {
+      referrer = request.getHeader("referer");
+    } catch (e) {
+      referrer = "";
+    }
+    // make sure the received image request was upgraded to https,
+    // otherwise we return not only the referrer but also indicate
+    // that the request was not upgraded to https. Note, that
+    // all upgrades happen in the browser before any non-secure
+    // request hits the wire.
+    referrer += (request.scheme == "https") ?
+                 "" : " but request is not https";
+
+    getObjectState("queryResult", function(queryResponse) {
+      if (!queryResponse) {
+        return;
+      }
+      queryResponse.write(referrer);
+      queryResponse.finish();
+    });
+    return;
+  }
+
+  // we should not get here ever, but just in case return
+  // something unexpected.
+  response.write("doh!");
+}
author	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
committer	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
commit	5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree	10027f336435511475e392454359edea8e25895d /dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs
parent	49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download	UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip