// SJS file for CSP redirect mochitests
// This file serves pages which can optionally specify a Content Security Policy
function handleRequest(request, response)
{
var query = {};
request.queryString.split('&').forEach(function (val) {
var [name, value] = val.split('=');
query[name] = unescape(value);
});
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "text/html", false);
var resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";
// CSP header value
response.setHeader("Content-Security-Policy",
"default-src 'self' blob: ; style-src 'self' 'unsafe-inline'", false);
// downloadable font that redirects to another site
if (query["testid"] == "font-src") {
var resp = '
' +
'
test
';
response.write(resp);
return;
}
// iframe that redirects to another site
if (query["testid"] == "frame-src") {
response.write('');
return;
}
// image that redirects to another site
if (query["testid"] == "img-src") {
response.write('');
return;
}
// video content that redirects to another site
if (query["testid"] == "media-src") {
response.write('');
return;
}
// object content that redirects to another site
if (query["testid"] == "object-src") {
response.write('');
return;
}
// external script that redirects to another site
if (query["testid"] == "script-src") {
response.write('');
return;
}
// external stylesheet that redirects to another site
if (query["testid"] == "style-src") {
response.write('');
return;
}
// script that XHR's to a resource that redirects to another site
if (query["testid"] == "xhr-src") {
response.write('');
return;
}
// for bug949706
if (query["testid"] == "img-src-from-css") {
// loads a stylesheet, which in turn loads an image that redirects.
response.write('');
return;
}
if (query["testid"] == "from-worker") {
// loads a script; launches a worker; that worker uses importscript; which then gets redirected
// So it's:
// ');
return;
}
if (query["testid"] == "from-blob-worker") {
// loads a script; launches a worker; that worker uses importscript; which then gets redirected
// So it's:
// ');
return;
}
}