path: root/dom/security/test/csp/file_redirects_page.sjs
// SJS file for CSP redirect mochitests
// This file serves pages which can optionally specify a Content Security Policy
/**
 * Serves one CSP redirect test page, selected by the `testid` query parameter.
 *
 * Every response gets the same three headers, including a fixed
 * Content-Security-Policy of `default-src 'self' blob:` with
 * `style-src 'self' 'unsafe-inline'`. For a recognised `testid` the body is a
 * single element (or inline stylesheet) that loads
 * file_redirects_resource.sjs. A missing or unrecognised `testid` gets the
 * headers and no body.
 *
 * `testid` is only compared against the fixed identifiers below; no query
 * value is ever copied into the response body.
 *
 * @param request  object whose `queryString` is read
 * @param response object on which `setHeader` and `write` are called
 */
function handleRequest(request, response) {
  // Parse "a=b&c=d" into a lookup. A repeated name keeps its last value, and
  // anything after a second '=' in a pair is dropped by the destructuring.
  const params = {};
  for (const pair of request.queryString.split('&')) {
    const [key, rawValue] = pair.split('=');
    params[key] = unescape(rawValue);
  }

  response.setHeader("Cache-Control", "no-cache", false);
  response.setHeader("Content-Type", "text/html", false);

  // The policy under test; it is sent before any body is written.
  // NOTE(review): 'unsafe-inline' for style-src is presumably there because
  // the font-src page uses an inline <style> block; confirm before tightening.
  response.setHeader(
    "Content-Security-Policy",
    "default-src 'self' blob: ; style-src 'self' 'unsafe-inline'",
    false
  );

  const resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";

  // A Map (rather than a plain object) so that a testid such as "constructor"
  // cannot resolve to an inherited property.
  const pages = new Map([
    // downloadable font that redirects to another site
    [
      "font-src",
      `<style type="text/css"> @font-face { font-family:"Redirecting Font"; ` +
        `src: url("${resource}?res=font&redir=other&id=font-src-redir")} ` +
        `#test{font-family:"Redirecting Font"}</style></head><body>` +
        `<div id="test">test</div></body>`,
    ],
    // iframe that redirects to another site
    [
      "frame-src",
      `<iframe src="${resource}?res=iframe&redir=other&id=frame-src-redir"></iframe>`,
    ],
    // image that redirects to another site
    [
      "img-src",
      `<img src="${resource}?res=image&redir=other&id=img-src-redir" />`,
    ],
    // video content that redirects to another site
    [
      "media-src",
      `<video src="${resource}?res=media&redir=other&id=media-src-redir"></video>`,
    ],
    // object content that redirects to another site
    [
      "object-src",
      `<object type="text/html" data="${resource}?res=object&redir=other&id=object-src-redir"></object>`,
    ],
    // external script that redirects to another site
    [
      "script-src",
      `<script src="${resource}?res=script&redir=other&id=script-src-redir"></script>`,
    ],
    // external stylesheet that redirects to another site
    [
      "style-src",
      `<link rel="stylesheet" type="text/css" href="${resource}?res=style&redir=other&id=style-src-redir"></link>`,
    ],
    // script that XHR's to a resource that redirects to another site
    ["xhr-src", `<script src="${resource}?res=xhr"></script>`],
    // for bug949706: loads a stylesheet, which in turn loads an image that
    // redirects.
    [
      "img-src-from-css",
      `<link rel="stylesheet" type="text/css" href="${resource}?res=cssLoader&id=img-src-redir-from-css">`,
    ],
    // loads a script; launches a worker; that worker uses importscript; which
    // then gets redirected. So it's:
    // <script src="res=loadWorkerThatMakesRequests">
    //   .. loads Worker("res=makeRequestsWorker")
    //         .. calls importScript("res=script")
    //         .. calls xhr("res=xhr-resp")
    //         .. calls fetch("res=xhr-resp")
    [
      "from-worker",
      `<script src="${resource}?res=loadWorkerThatMakesRequests&id=from-worker"></script>`,
    ],
    // Same chain as "from-worker", but the entry script is
    // <script src="res=loadBlobWorkerThatMakesRequests">
    [
      "from-blob-worker",
      `<script src="${resource}?res=loadBlobWorkerThatMakesRequests&id=from-blob-worker"></script>`,
    ],
  ]);

  const markup = pages.get(params["testid"]);
  if (markup !== undefined) {
    response.write(markup);
  }
}