blob: f53ed8498fd929d123fbe1127c7ded78a0b82d67 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
function handleRequest(request, response) {
// let's enjoy the amazing CSP setting
response.setHeader(
"Content-Security-Policy",
"frame-ancestors 'self'",
false
);
// let's avoid caching issues
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache", false);
// everything is fine - no needs to worry :)
response.setStatusLine(request.httpVersion, 200);
response.setHeader("Content-Type", "text/html", false);
let txt = "<html><body><h1>CSP Page opened in new window!</h1></body></html>";
response.write(txt);
let cookie = request.hasHeader("Cookie")
? request.getHeader("Cookie")
: "<html><body>" +
"<h2 id='strictCookie'>No same site strict cookie header</h2>" +
"</body></html>";
response.write(cookie);
if (!request.hasHeader("Cookie")) {
let strictCookie = `matchaCookie=green; Domain=.example.org; SameSite=Strict`;
response.setHeader("Set-Cookie", strictCookie);
}
}
|
