summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_require_sri_meta.sjs
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/file_require_sri_meta.sjs')
-rw-r--r--dom/security/test/csp/file_require_sri_meta.sjs54
1 files changed, 54 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_require_sri_meta.sjs b/dom/security/test/csp/file_require_sri_meta.sjs
new file mode 100644
index 000000000..acaf742db
--- /dev/null
+++ b/dom/security/test/csp/file_require_sri_meta.sjs
@@ -0,0 +1,54 @@
+// custom *.sjs for Bug 1277557
+// META CSP: require-sri-for script;
+
+const PRE_INTEGRITY =
+ "<!DOCTYPE HTML>" +
+ "<html><head><meta charset=\"utf-8\">" +
+ "<title>Bug 1277557 - CSP require-sri-for does not block when CSP is in meta tag</title>" +
+ "<meta http-equiv=\"Content-Security-Policy\" content=\"require-sri-for script; script-src 'unsafe-inline' *\">" +
+ "</head>" +
+ "<body>" +
+ "<script id=\"testscript\"" +
+ // Using math.random() to avoid confusing cache behaviors within the test
+ " src=\"http://mochi.test:8888/tests/dom/security/test/csp/file_require_sri_meta.js?" + Math.random() + "\"";
+
+const WRONG_INTEGRITY =
+ " integrity=\"sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC\"";
+
+const CORRECT_INEGRITY =
+ " integrity=\"sha384-PkcuZQHmjBQKRyv1v3x0X8qFmXiSyFyYIP+f9SU86XWvRneifdNCPg2cYFWBuKsF\"";
+
+const POST_INTEGRITY =
+ " onload=\"window.parent.postMessage({result: 'script-loaded'}, '*');\"" +
+ " onerror=\"window.parent.postMessage({result: 'script-blocked'}, '*');\"" +
+ "></script>" +
+ "</body>" +
+ "</html>";
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader("Content-Type", "text/html", false);
+
+ var queryString = request.queryString;
+
+ if (queryString === "no-sri") {
+ response.write(PRE_INTEGRITY + POST_INTEGRITY);
+ return;
+ }
+
+ if (queryString === "wrong-sri") {
+ response.write(PRE_INTEGRITY + WRONG_INTEGRITY + POST_INTEGRITY);
+ return;
+ }
+
+ if (queryString === "correct-sri") {
+ response.write(PRE_INTEGRITY + CORRECT_INEGRITY + POST_INTEGRITY);
+ return;
+ }
+
+ // we should never get here, but just in case
+ // return something unexpected
+ response.write("do'h");
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-08 04:15:20 +0000