summaryrefslogtreecommitdiffstats
path: root/dom/security/test/cors/file_CrossSiteXHR_server.sjs
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/cors/file_CrossSiteXHR_server.sjs')
-rw-r--r--dom/security/test/cors/file_CrossSiteXHR_server.sjs230
1 files changed, 230 insertions, 0 deletions
diff --git a/dom/security/test/cors/file_CrossSiteXHR_server.sjs b/dom/security/test/cors/file_CrossSiteXHR_server.sjs
new file mode 100644
index 0000000000..a3129de75f
--- /dev/null
+++ b/dom/security/test/cors/file_CrossSiteXHR_server.sjs
@@ -0,0 +1,230 @@
+const CC = Components.Constructor;
+const BinaryInputStream = CC(
+ "@mozilla.org/binaryinputstream;1",
+ "nsIBinaryInputStream",
+ "setInputStream"
+);
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+
+// eslint-disable-next-line complexity
+function handleRequest(request, response) {
+ var query = {};
+ request.queryString.split("&").forEach(function (val) {
+ var [name, value] = val.split("=");
+ query[name] = unescape(value);
+ });
+
+ var isPreflight = request.method == "OPTIONS";
+
+ var bodyStream = new BinaryInputStream(request.bodyInputStream);
+ var bodyBytes = [];
+ while ((bodyAvail = bodyStream.available()) > 0) {
+ Array.prototype.push.apply(bodyBytes, bodyStream.readByteArray(bodyAvail));
+ }
+
+ var body = decodeURIComponent(
+ escape(String.fromCharCode.apply(null, bodyBytes))
+ );
+
+ if (query.hop) {
+ query.hop = parseInt(query.hop, 10);
+ hops = JSON.parse(query.hops);
+ var curHop = hops[query.hop - 1];
+ query.allowOrigin = curHop.allowOrigin;
+ query.allowHeaders = curHop.allowHeaders;
+ query.allowMethods = curHop.allowMethods;
+ query.allowCred = curHop.allowCred;
+ query.noAllowPreflight = curHop.noAllowPreflight;
+ if (curHop.setCookie) {
+ query.setCookie = unescape(curHop.setCookie);
+ }
+ if (curHop.cookie) {
+ query.cookie = unescape(curHop.cookie);
+ }
+ query.noCookie = curHop.noCookie;
+ }
+
+ // Check that request was correct
+
+ if (!isPreflight && query.body && body != query.body) {
+ sendHttp500(
+ response,
+ "Wrong body. Expected " + query.body + " got " + body
+ );
+ return;
+ }
+
+ if (!isPreflight && "headers" in query) {
+ headers = JSON.parse(query.headers);
+ for (headerName in headers) {
+ // Content-Type is changed if there was a body
+ if (
+ !(headerName == "Content-Type" && body) &&
+ (!request.hasHeader(headerName) ||
+ request.getHeader(headerName) != headers[headerName])
+ ) {
+ var actual = request.hasHeader(headerName)
+ ? request.getHeader(headerName)
+ : "<missing header>";
+ sendHttp500(
+ response,
+ "Header " +
+ headerName +
+ " had wrong value. Expected " +
+ headers[headerName] +
+ " got " +
+ actual
+ );
+ return;
+ }
+ }
+ }
+
+ if (
+ isPreflight &&
+ "requestHeaders" in query &&
+ request.getHeader("Access-Control-Request-Headers") != query.requestHeaders
+ ) {
+ sendHttp500(
+ response,
+ "Access-Control-Request-Headers had wrong value. Expected " +
+ query.requestHeaders +
+ " got " +
+ request.getHeader("Access-Control-Request-Headers")
+ );
+ return;
+ }
+
+ if (
+ isPreflight &&
+ "requestMethod" in query &&
+ request.getHeader("Access-Control-Request-Method") != query.requestMethod
+ ) {
+ sendHttp500(
+ response,
+ "Access-Control-Request-Method had wrong value. Expected " +
+ query.requestMethod +
+ " got " +
+ request.getHeader("Access-Control-Request-Method")
+ );
+ return;
+ }
+
+ if ("origin" in query && request.getHeader("Origin") != query.origin) {
+ sendHttp500(
+ response,
+ "Origin had wrong value. Expected " +
+ query.origin +
+ " got " +
+ request.getHeader("Origin")
+ );
+ return;
+ }
+
+ if ("cookie" in query) {
+ cookies = {};
+ request
+ .getHeader("Cookie")
+ .split(/ *; */)
+ .forEach(function (val) {
+ var [name, value] = val.split("=");
+ cookies[name] = unescape(value);
+ });
+
+ query.cookie.split(",").forEach(function (val) {
+ var [name, value] = val.split("=");
+ if (cookies[name] != value) {
+ sendHttp500(
+ response,
+ "Cookie " +
+ name +
+ " had wrong value. Expected " +
+ value +
+ " got " +
+ cookies[name]
+ );
+ }
+ });
+ }
+
+ if (query.noCookie && request.hasHeader("Cookie")) {
+ sendHttp500(
+ response,
+ "Got cookies when didn't expect to: " + request.getHeader("Cookie")
+ );
+ return;
+ }
+
+ // Send response
+
+ if (!isPreflight && query.status) {
+ response.setStatusLine(null, query.status, query.statusMessage);
+ }
+ if (isPreflight && query.preflightStatus) {
+ response.setStatusLine(null, query.preflightStatus, "preflight status");
+ }
+
+ if (query.allowOrigin && (!isPreflight || !query.noAllowPreflight)) {
+ response.setHeader("Access-Control-Allow-Origin", query.allowOrigin);
+ }
+
+ if (query.allowCred) {
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ }
+
+ if (query.setCookie) {
+ response.setHeader("Set-Cookie", query.setCookie + "; path=/");
+ }
+
+ if (isPreflight) {
+ if (query.allowHeaders) {
+ response.setHeader("Access-Control-Allow-Headers", query.allowHeaders);
+ }
+
+ if (query.allowMethods) {
+ response.setHeader("Access-Control-Allow-Methods", query.allowMethods);
+ }
+ } else {
+ if (query.responseHeaders) {
+ let responseHeaders = JSON.parse(query.responseHeaders);
+ for (let responseHeader in responseHeaders) {
+ response.setHeader(responseHeader, responseHeaders[responseHeader]);
+ }
+ }
+
+ if (query.exposeHeaders) {
+ response.setHeader("Access-Control-Expose-Headers", query.exposeHeaders);
+ }
+ }
+
+ if (!isPreflight && query.hop && query.hop < hops.length) {
+ newURL =
+ hops[query.hop].server +
+ "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?" +
+ "hop=" +
+ (query.hop + 1) +
+ "&hops=" +
+ escape(query.hops);
+ if ("headers" in query) {
+ newURL += "&headers=" + escape(query.headers);
+ }
+ response.setStatusLine(null, 307, "redirect");
+ response.setHeader("Location", newURL);
+
+ return;
+ }
+
+ // Send response body
+ if (!isPreflight && request.method != "HEAD") {
+ response.setHeader("Content-Type", "application/xml", false);
+ response.write("<res>hello pass</res>\n");
+ }
+ if (isPreflight && "preflightBody" in query) {
+ response.setHeader("Content-Type", "text/plain", false);
+ response.write(query.preflightBody);
+ }
+}
+
+function sendHttp500(response, text) {
+ response.setStatusLine(null, 500, text);
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-16 21:03:00 +0000