summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_testserver.sjs
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/file_testserver.sjs')
-rw-r--r--dom/security/test/csp/file_testserver.sjs66
1 files changed, 66 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_testserver.sjs b/dom/security/test/csp/file_testserver.sjs
new file mode 100644
index 0000000000..77f9562218
--- /dev/null
+++ b/dom/security/test/csp/file_testserver.sjs
@@ -0,0 +1,66 @@
+// SJS file for CSP mochitests
+"use strict";
+const { NetUtil } = ChromeUtils.importESModule(
+ "resource://gre/modules/NetUtil.sys.mjs"
+);
+
+function loadHTMLFromFile(path) {
+ // Load the HTML to return in the response from file.
+ // Since it's relative to the cwd of the test runner, we start there and
+ // append to get to the actual path of the file.
+ const testHTMLFile = Cc["@mozilla.org/file/directory_service;1"]
+ .getService(Ci.nsIProperties)
+ .get("CurWorkD", Ci.nsIFile);
+
+ const testHTMLFileStream = Cc[
+ "@mozilla.org/network/file-input-stream;1"
+ ].createInstance(Ci.nsIFileInputStream);
+
+ path
+ .split("/")
+ .filter(path => path)
+ .reduce((file, path) => {
+ testHTMLFile.append(path);
+ return testHTMLFile;
+ }, testHTMLFile);
+ testHTMLFileStream.init(testHTMLFile, -1, 0, 0);
+ const isAvailable = testHTMLFileStream.available();
+ return NetUtil.readInputStreamToString(testHTMLFileStream, isAvailable);
+}
+
+function handleRequest(request, response) {
+ const query = new URLSearchParams(request.queryString);
+
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // Deliver the CSP policy encoded in the URL
+ if (query.has("csp")) {
+ response.setHeader("Content-Security-Policy", query.get("csp"), false);
+ }
+
+ // Deliver the CSP report-only policy encoded in the URI
+ if (query.has("cspRO")) {
+ response.setHeader(
+ "Content-Security-Policy-Report-Only",
+ query.get("cspRO"),
+ false
+ );
+ }
+
+ // Deliver the CORS header in the URL
+ if (query.has("cors")) {
+ response.setHeader("Access-Control-Allow-Origin", query.get("cors"), false);
+ }
+
+ // Send HTML to test allowed/blocked behaviors
+ let type = "text/html";
+ if (query.has("type")) {
+ type = query.get("type");
+ }
+
+ response.setHeader("Content-Type", type, false);
+ if (query.has("file")) {
+ response.write(loadHTMLFromFile(query.get("file")));
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-22 09:00:15 +0000