// Custom *.sjs file specifically for the needs of Bug:
// Bug 1139297 - Implement CSP upgrade-insecure-requests directive
/**
 * Test server for the CSP upgrade-insecure-requests redirect/CORS cases.
 *
 * Every request has to arrive over https already; anything else is answered
 * with the body "request not https". After that the query string selects the
 * case:
 *   - "testN" answers with a 302 whose Location is a plain http:// URL
 *     pointing back at this same .sjs with "?redir-testN" (test2 also pins
 *     port 443 on that http:// URL).
 *   - "redir-testN" writes the success marker for that case.
 *
 * NOTE(review): the http:// Location values look deliberate - presumably the
 * client under test is expected to upgrade the redirect target, and the scheme
 * check at the top is what confirms it did. Do not "fix" them to https.
 *
 * The Access-Control-* headers are only set once the test 1 / test 2 branches
 * have returned, so those four responses carry no CORS headers, while test 3,
 * its redirect target and the fallback do.
 *
 * @param request  object exposing `scheme` and `queryString`
 * @param response object exposing `setHeader`, `setStatusLine` and `write`
 */
function handleRequest(request, response)
{
  // Answer with a 302 to `target`; status line first, then Location.
  const sendRedirect = (target) => {
    response.setStatusLine("1.1", 302, "Found");
    response.setHeader("Location", target, false);
  };

  // keep caches out of the picture so each request really reaches this handler
  response.setHeader("Cache-Control", "no-cache", false);

  // sanity check: a request that was not upgraded to https fails the test
  if (request.scheme !== "https") {
    response.write("request not https");
    return;
  }

  const query = request.queryString;

  // TEST 1 and TEST 2: redirects answered without any CORS headers
  switch (query) {
    case "test1":
      sendRedirect(
        "http://test1.example.com/tests/dom/security/test/csp/file_upgrade_insecure_cors_server.sjs?redir-test1"
      );
      return;
    case "redir-test1":
      response.write("test1-no-cors-ok");
      return;
    case "test2":
      // same host, but the http:// URL carries an explicit :443
      sendRedirect(
        "http://test1.example.com:443/tests/dom/security/test/csp/file_upgrade_insecure_cors_server.sjs?redir-test2"
      );
      return;
    case "redir-test2":
      response.write("test2-no-cors-diffport-ok");
      return;
  }

  // TEST 3: from here on every response is CORS-enabled.
  // The wildcard origin belongs to this test fixture only.
  response.setHeader("Access-Control-Allow-Headers", "content-type", false);
  response.setHeader("Access-Control-Allow-Methods", "POST, GET", false);
  response.setHeader("Access-Control-Allow-Origin", "*", false);

  switch (query) {
    case "test3":
      sendRedirect(
        "http://test1.example.com/tests/dom/security/test/csp/file_upgrade_insecure_cors_server.sjs?redir-test3"
      );
      return;
    case "redir-test3":
      response.write("test3-cors-ok");
      return;
  }

  // not expected to be reached; return something no test is waiting for
  response.write("d'oh");
}