39 lines
1.6 KiB
Python
39 lines
1.6 KiB
Python
import os
|
|
|
|
|
|
def handle_headers(frame, request, response):
|
|
# Send a 103 response.
|
|
resource_url = request.GET.first(b"resource-url").decode()
|
|
link_header_value = "<{}>; rel=preload; as=script".format(resource_url)
|
|
early_hints = [
|
|
(b":status", b"103"),
|
|
(b"link", link_header_value),
|
|
]
|
|
|
|
early_hints_policy = request.GET.first(b"early-hints-policy").decode()
|
|
# In this test handler "allowed" or "absent" are only valid policies because
|
|
# csp-document-disallow.html always sets CSP to disallow the preload.
|
|
# "disallowed" makes no observable changes in the test. Note that
|
|
# csp-basic.html covers disallowing preloads in Early Hints.
|
|
assert early_hints_policy == "allowed" or early_hints_policy == "absent"
|
|
|
|
if early_hints_policy == "allowed":
|
|
resource_origin = request.GET.first(b"resource-origin").decode()
|
|
csp_value = "script-src 'self' 'unsafe-inline' {}".format(resource_origin)
|
|
early_hints.append((b"content-security-policy", csp_value))
|
|
|
|
response.writer.write_raw_header_frame(headers=early_hints,
|
|
end_headers=True)
|
|
|
|
# Send the final response header.
|
|
response.status = 200
|
|
response.headers["content-type"] = "text/html"
|
|
response.write_status_headers()
|
|
|
|
|
|
def main(request, response):
|
|
current_dir = os.path.dirname(os.path.realpath(__file__))
|
|
file_path = os.path.join(current_dir, "csp-document-disallow.html")
|
|
with open(file_path, "r") as f:
|
|
test_content = f.read()
|
|
response.writer.write_data(item=test_content, last=True)
|