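// SJS file for CSP redirect mochitests
// This file serves pages which can optionally specify a Content Security Policy

/**
 * Serve the CSP redirect test page selected by the `testid` query parameter.
 *
 * In the code visible here, every response gets the same
 * Content-Security-Policy header, whatever `testid` is. The policy restricts
 * all fetch types to the page's own origin and `blob:` URLs (`default-src`),
 * and additionally allows inline styles (`style-src`). There is no explicit
 * `script-src`, so scripts fall back to `default-src`.
 *
 * Each page is described as loading one kind of subresource that redirects to
 * another site; presumably the mochitest then checks that the policy is also
 * applied to the redirect target (confirm against the test driver).
 *
 * The decoded query values are only compared against fixed test ids and are
 * not echoed into the response by any code visible here.
 *
 * NOTE(review): in this copy of the file the HTML inside the string literals
 * is missing (they appear as empty strings), so `resource` looks unused.
 * Restore the markup from the upstream file before relying on this handler.
 *
 * @param {object} request  httpd.js request; only `queryString` is read.
 * @param {object} response httpd.js response; `setHeader` and `write` are called.
 */
function handleRequest(request, response) {
  // Prototype-less map: parameter names come from the URL, so they must not
  // collide with Object.prototype members.
  const query = Object.create(null);
  for (const pair of request.queryString.split("&")) {
    // Default to "" so a bare key ("?testid") is not stored as the string
    // "undefined", which is what unescape(undefined) would yield.
    const [name, value = ""] = pair.split("=");
    query[name] = unescape(value);
  }

  response.setHeader("Cache-Control", "no-cache", false);
  response.setHeader("Content-Type", "text/html", false);

  // Redirecting resource that the test pages are meant to reference.
  // NOTE(review): not referenced by the literals as they appear in this copy.
  const resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";

  // CSP header value
  response.setHeader(
    "Content-Security-Policy",
    "default-src 'self' blob: ; style-src 'self' 'unsafe-inline'",
    false
  );

  switch (query.testid) {
    // downloadable font that redirects to another site
    case "font-src": {
      // NOTE(review): only the text node "test" survives of this markup.
      const resp = '' + '\ntest\n';
      response.write(resp);
      return;
    }

    // iframe that redirects to another site
    case "frame-src":
      response.write('');
      return;

    // image that redirects to another site
    case "img-src":
      response.write('');
      return;

    // video content that redirects to another site
    case "media-src":
      response.write('');
      return;

    // object content that redirects to another site
    case "object-src":
      response.write('');
      return;

    // external script that redirects to another site
    case "script-src":
      response.write('');
      return;

    // external stylesheet that redirects to another site
    case "style-src":
      response.write('');
      return;

    // script that XHR's to a resource that redirects to another site
    case "xhr-src":
      response.write('');
      return;

    // for bug949706
    case "img-src-from-css":
      // loads a stylesheet, which in turn loads an image that redirects.
      response.write('');
      return;

    case "from-worker":
      // loads a script; launches a worker; that worker uses importscript;
      // which then gets redirected
      // NOTE(review): the "So it's:" chain description and the start of this
      // write call are missing from this copy; the call is reconstructed from
      // the surviving closing fragment.
      response.write('');
      return;

    case "from-blob-worker":
      // loads a script; launches a worker; that worker uses importscript;
      // which then gets redirected
      // NOTE(review): reconstructed like the "from-worker" case. The policy
      // lists blob: in default-src, presumably so the worker can be created
      // from a blob URL (confirm against the test driver).
      response.write('');
      return;

    default:
      // Unknown or missing testid: headers only, empty body.
      return;
  }
}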