From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001
From: "Matt A. Tobin"
Date: Fri, 2 Feb 2018 04:16:08 -0500
Subject: Add m-esr52 at 52.6.0
---
.../test/csp/file_scheme_relative_sources.sjs | 42 ++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 dom/security/test/csp/file_scheme_relative_sources.sjs
(limited to 'dom/security/test/csp/file_scheme_relative_sources.sjs')
diff --git a/dom/security/test/csp/file_scheme_relative_sources.sjs b/dom/security/test/csp/file_scheme_relative_sources.sjs
new file mode 100644
index 000000000..8c4d62ca5
--- /dev/null
+++ b/dom/security/test/csp/file_scheme_relative_sources.sjs
@@ -0,0 +1,42 @@
+/**
+ * Custom *.sjs specifically for the needs of
+ * Bug 921493 - CSP: test whitelisting of scheme-relative sources
+ */
+
+function handleRequest(request, response)
+{
+ Components.utils.importGlobalProperties(["URLSearchParams"]);
+ let query = new URLSearchParams(request.queryString);
+
+ let scheme = query.get("scheme");
+ let policy = query.get("policy");
+
+ let linkUrl = scheme +
+ "://example.com/tests/dom/security/test/csp/file_scheme_relative_sources.js";
+
+ let html = "" +
+ "" +
+ "" +
+ "test schemeless sources within CSP" +
+ "" +
+ " " +
+ "
blocked
" +
+ // try to load a scheme relative script
+ "" +
+ // have an inline script that reports back to the parent whether
+ // the script got loaded or not from within the sandboxed iframe.
+ "" +
+ "" +
+ "";
+
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader("Content-Type", "text/html", false);
+ response.setHeader("Content-Security-Policy", policy, false);
+
+ response.write(html);
+}
-- cgit v1.2.3
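Review bot: `scheme` and `policy` are read from `request.queryString` and used without a presence check; `query.get()` returns null for a missing parameter, so `linkUrl` would start with `null://` and a null value would be handed to `setHeader("Content-Security-Policy", ...)`. A guard right after the two `query.get` calls would make a mis-invoked test fail visibly rather than run under an unintended policy: `if (!scheme || !policy) { response.setStatusLine(request.httpVersion, 400, "Bad Request"); return; }`. Since both values are echoed into the response without validation, the header comment should also record the contract and the test-only scope, for example `* Query parameters: scheme (scheme of the script URL), policy (sent verbatim as the CSP header); for the test server only.` The string literals in this hunk appear to have lost their markup on this page, so how `linkUrl` is embedded in the document cannot be checked from here.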