From c1315412cc21a85fb779bef0d87dadde751cfe71 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Thu, 21 Jun 2018 20:57:09 +0200 Subject: Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects https://bugzilla.mozilla.org/show_bug.cgi?id=1469150 --- ...dom_security_test_csp_file_nonce_redirector.sjs | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs (limited to 'dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs') diff --git a/dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs b/dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs new file mode 100644 index 000000000..21a8f4e9c --- /dev/null +++ b/dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs @@ -0,0 +1,25 @@ +// custom *.sjs file for +// Bug 1469150:Scripts with valid nonce get blocked if URL redirects. + +const URL_PATH = "example.com/tests/dom/security/test/csp/"; + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + let queryStr = request.queryString; + + if (queryStr === "redirect") { + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", + "https://" + URL_PATH + "file_nonce_redirector.sjs?load", false); + return; + } + + if (queryStr === "load") { + response.setHeader("Content-Type", "application/javascript", false); + response.write("console.log('script loaded');"); + return; + } + + // we should never get here - return something unexpected + response.write("d'oh"); +} -- cgit v1.2.3