// Custom *.sjs file specifically for the needs of Bug:
// Bug 1139297 - Implement CSP upgrade-insecure-requests directive

// Small red PNG (decoded from base64 once at load time) that is written
// verbatim as the body of the "img" response below.
const IMG_BYTES = atob(
  [
    "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12",
    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",
  ].join("")
);

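/**
 * httpd.js entry point for the upgrade-insecure-requests referrer test.
 *
 * Two requests cooperate through the server's shared object state:
 *   ?queryresult  is parked (processAsync) until the image has been
 *                 requested; its body is then the referrer the image
 *                 request carried, optionally suffixed with a marker
 *                 that the image request was NOT upgraded to https.
 *   ?img          serves IMG_BYTES and releases the parked request.
 * Any other query string answers "doh!".
 *
 * Ordering caveat: the test must issue ?queryresult before ?img. If ?img
 * arrives first there is no parked response to release, the result is
 * dropped, and a later ?queryresult will hang until the harness times out.
 *
 * @param {nsIHttpRequest} request   incoming request (queryString, scheme,
 *                                   getHeader — getHeader throws when the
 *                                   header is absent)
 * @param {nsIHttpResponse} response response being built for `request`
 */
function handleRequest(request, response)
{
  // Every response is uncacheable so a result from an earlier run can
  // never be served in place of the live one.
  response.setHeader("Cache-Control", "no-cache", false);
  const queryString = request.queryString;

  // (1) Park the queryresult request; it is answered from branch (2).
  if (queryString === "queryresult") {
    // The body reflects a request header (Referer) supplied by the client,
    // so pin the MIME type rather than leave it to content sniffing.
    response.setHeader("Content-Type", "text/plain; charset=utf-8", false);
    response.processAsync();
    setObjectState("queryResult", response);
    return;
  }

  // (2) Serve the image and hand the observed referrer to the parked
  // queryresult request.
  if (queryString === "img") {
    response.setHeader("Content-Type", "image/png");
    response.write(IMG_BYTES);

    // getHeader throws when the header is missing; a missing Referer is a
    // legitimate outcome here (e.g. referrer policy stripped it), so map
    // it to the empty string instead of failing the request.
    let referrer = "";
    try {
      referrer = request.getHeader("referer");
    } catch (e) {
      referrer = "";
    }
    // Belt-and-braces: the upgrade happens in the browser before anything
    // hits the wire, but if a non-https request still reached us, make the
    // failure visible in the reported result rather than just the referrer.
    if (request.scheme !== "https") {
      referrer += " but request is not https";
    }

    getObjectState("queryResult", function(queryResponse) {
      // No parked request yet (see ordering caveat above): nothing to do.
      if (!queryResponse) {
        return;
      }
      queryResponse.write(referrer);
      queryResponse.finish();
    });
    return;
  }

  // Unknown query string: we should never get here, but answer with
  // something the test will recognise as unexpected.
  response.write("doh!");
}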