summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_upgrade_insecure_referrer.sjs
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/file_upgrade_insecure_referrer.sjs')
-rw-r--r--dom/security/test/csp/file_upgrade_insecure_referrer.sjs55
1 files changed, 55 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_upgrade_insecure_referrer.sjs b/dom/security/test/csp/file_upgrade_insecure_referrer.sjs
new file mode 100644
index 000000000..e149afa4b
--- /dev/null
+++ b/dom/security/test/csp/file_upgrade_insecure_referrer.sjs
@@ -0,0 +1,55 @@
+// special *.sjs specifically customized for the needs of
+// Bug 1139297 and Bug 663570
+
+const PRE_HEAD =
+ "<!DOCTYPE HTML>" +
+ "<html>" +
+ "<head>";
+
+ const POST_HEAD =
+ "<meta charset='utf-8'>" +
+ "<title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>" +
+ "</head>" +
+ "<body>" +
+ "<img id='testimage' src='http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs?img'></img>" +
+ "</body>" +
+ "</html>";
+
+const PRE_CSP = "upgrade-insecure-requests; default-src https:; ";
+const CSP_REFERRER_ORIGIN = "referrer origin";
+const CSP_REFEFFER_NO_REFERRER = "referrer no-referrer";
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+ var queryString = request.queryString;
+
+ if (queryString === "test1") {
+ response.setHeader("Content-Security-Policy", PRE_CSP + CSP_REFERRER_ORIGIN, false);
+ response.write(PRE_HEAD + POST_HEAD);
+ return;
+ }
+
+ if (queryString === "test2") {
+ response.setHeader("Content-Security-Policy", PRE_CSP + CSP_REFEFFER_NO_REFERRER, false);
+ response.write(PRE_HEAD + POST_HEAD);
+ return;
+ }
+
+ if (queryString === "test3") {
+ var metacsp = "<meta http-equiv=\"Content-Security-Policy\" content = \"" + PRE_CSP + CSP_REFERRER_ORIGIN + "\" >";
+ response.write(PRE_HEAD + metacsp + POST_HEAD);
+ return;
+ }
+
+ if (queryString === "test4") {
+ var metacsp = "<meta http-equiv=\"Content-Security-Policy\" content = \"" + PRE_CSP + CSP_REFEFFER_NO_REFERRER + "\" >";
+ response.write(PRE_HEAD + metacsp + POST_HEAD);
+ return;
+ }
+
+ // we should never get here, but just in case return
+ // something unexpected
+ response.write("do'h");
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-16 11:34:07 +0000