// SJS file for X-Frame-Options mochitests function handleRequest(request, response) { var query = {}; var BOUNDARY = "BOUNDARYOMG3984"; request.queryString.split("&").forEach(function (val) { var [name, value] = val.split("="); query[name] = unescape(value); }); if (query.multipart == "1") { response.setHeader( "Content-Type", "multipart/x-mixed-replace;boundary=" + BOUNDARY, false ); response.setHeader("Cache-Control", "no-cache", false); response.setStatusLine(request.httpVersion, 200, "OK"); response.write("--" + BOUNDARY + "\r\n"); response.write("Content-Type: text/html\r\n\r\n"); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Cache-Control", "no-cache", false); } var testHeaders = { deny: "DENY", sameorigin: "SAMEORIGIN", sameorigin2: "SAMEORIGIN, SAMEORIGIN", sameorigin3: "SAMEORIGIN,SAMEORIGIN , SAMEORIGIN", mixedpolicy: "DENY,SAMEORIGIN", /* added for bug 836132 */ afa: "ALLOW-FROM http://mochi.test:8888/", afd: "ALLOW-FROM http://example.com/", afa1: "ALLOW-FROM http://mochi.test:8888", afd1: "ALLOW-FROM:example.com", afd2: "ALLOW-FROM: example.com", afd3: "ALLOW-FROM example.com", afd4: "ALLOW-FROM:http://example.com", afd5: "ALLOW-FROM: http://example.com", afd6: "ALLOW-FROM http://example.com", afd7: "ALLOW-FROM:mochi.test:8888", afd8: "ALLOW-FROM: mochi.test:8888", afd9: "ALLOW-FROM:http://mochi.test:8888", afd10: "ALLOW-FROM: http://mochi.test:8888", afd11: "ALLOW-FROM mochi.test:8888", afd12: "ALLOW-FROM", afd13: "ALLOW-FROM ", afd14: "ALLOW-FROM:", }; if (testHeaders.hasOwnProperty(query.xfo)) { response.setHeader("X-Frame-Options", testHeaders[query.xfo], false); } // from the test harness we'll be checking for the presence of this element // to test if the page loaded response.write('