// SJS file for HTTPS-Only Mode mochitests
// Bug 1613063 - HTTPS Only Mode

const TOTAL_EXPECTED_REQUESTS = 11;

const IFRAME_CONTENT =
  "<!DOCTYPE HTML>" +
  "<html>" +
  "<head><meta charset='utf-8'>" +
  "<title>Bug 1613063 - HTTPS Only Mode</title>" +
  "</head>" +
  "<body>" +
  "<img src='http://example.com/tests/dom/security/test/https-only/file_upgrade_insecure_server.sjs?nested-img'></img>" +
  "</body>" +
  "</html>";

const expectedQueries = [
  "script",
  "style",
  "img",
  "iframe",
  "form",
  "xhr",
  "media",
  "object",
  "font",
  "img-redir",
  "nested-img",
];

function handleRequest(request, response) {
  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);
  var queryString = request.queryString;

  // initialize server variables and save the object state
  // of the initial request, which returns async once the
  // server has processed all requests.
  if (queryString == "queryresult") {
    setState("totaltests", TOTAL_EXPECTED_REQUESTS.toString());
    setState("receivedQueries", "");
    response.processAsync();
    setObjectState("queryResult", response);
    return;
  }

  // handle img redirect (https->http)
  if (queryString == "redirect-image") {
    var newLocation =
      "http://example.com/tests/dom/security/test/https-only/file_upgrade_insecure_server.sjs?img-redir";
    response.setStatusLine("1.1", 302, "Found");
    response.setHeader("Location", newLocation, false);
    return;
  }

  // just in case error handling for unexpected queries
  if (!expectedQueries.includes(queryString)) {
    response.write("unexpected-response");
    return;
  }

  // make sure all the requested queries are indeed https
  queryString += request.scheme == "https" ? "-ok" : "-error";

  var receivedQueries = getState("receivedQueries");

  // images, scripts, etc. get queried twice, do not
  // confuse the server by storing the preload as
  // well as the actual load. If either the preload
  // or the actual load is not https, then we would
  // append "-error" in the array and the test would
  // fail at the end.
  if (receivedQueries.includes(queryString)) {
    return;
  }

  // append the result to the total query string array
  if (receivedQueries != "") {
    receivedQueries += ",";
  }
  receivedQueries += queryString;
  setState("receivedQueries", receivedQueries);

  // keep track of how many more requests the server
  // is expecting
  var totaltests = parseInt(getState("totaltests"));
  totaltests -= 1;
  setState("totaltests", totaltests.toString());

  // return content (img) for the nested iframe to test
  // that subresource requests within nested contexts
  // get upgraded as well. We also have to return
  // the iframe context in case of an error so we
  // can test both, using upgrade-insecure as well
  // as the base case of not using upgrade-insecure.
  if (queryString == "iframe-ok" || queryString == "iframe-error") {
    response.write(IFRAME_CONTENT);
  }

  // if we have received all the requests, we return
  // the result back.
  if (totaltests == 0) {
    getObjectState("queryResult", function (queryResponse) {
      if (!queryResponse) {
        return;
      }
      receivedQueries = getState("receivedQueries");
      queryResponse.write(receivedQueries);
      queryResponse.finish();
    });
  }
}