path: root/dom/security/test/csp/file_redirects_page.sjs
blob: 0ce9cc75ec75d4d17ede39c8b788fa0927a38e01 (plain)
// SJS file for CSP redirect mochitests
// This file serves pages which can optionally specify a Content Security Policy
/**
 * Serves the top-level page for one CSP redirect test case.
 *
 * Every response carries the same Content-Security-Policy header; the
 * `testid` query parameter selects which single subresource element is
 * embedded in the body. `testid` is only compared against a fixed list of
 * names and is never written into the response, so the query string cannot
 * inject markup into the page.
 *
 * NOTE(review): the redirect itself is performed by
 * file_redirects_resource.sjs, which is not visible here; presumably
 * `redir=other` sends the load to another origin so that the policy below
 * should block it. Confirm against that file.
 *
 * @param request  server request object; only `queryString` is read.
 * @param response server response object; `setHeader` and `write` are called.
 */
function handleRequest(request, response) {
  // Decode the query string into a name -> value map. unescape() is the
  // legacy decoder; a pair without "=" decodes to the string "undefined".
  const params = {};
  for (const pair of request.queryString.split("&")) {
    const [key, rawValue] = pair.split("=");
    params[key] = unescape(rawValue);
  }

  response.setHeader("Cache-Control", "no-cache", false);
  response.setHeader("Content-Type", "text/html", false);

  const resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";

  // The policy under test: same-origin (plus blob:) for everything, with
  // inline styles additionally allowed.
  const policy = "default-src 'self' blob: ; style-src 'self' 'unsafe-inline'";
  response.setHeader("Content-Security-Policy", policy, false);

  let markup;
  switch (params.testid) {
    // downloadable font that redirects to another site
    case "font-src":
      markup =
        '<style type="text/css"> @font-face { font-family:"Redirecting Font"; ' +
        `src: url("${resource}?res=font&redir=other&id=font-src-redir")} ` +
        '#test{font-family:"Redirecting Font"}</style></head><body>' +
        '<div id="test">test</div></body>';
      break;

    // iframe that redirects to another site
    case "frame-src":
      markup = `<iframe src="${resource}?res=iframe&redir=other&id=frame-src-redir"></iframe>`;
      break;

    // image that redirects to another site
    case "img-src":
      markup = `<img src="${resource}?res=image&redir=other&id=img-src-redir" />`;
      break;

    // video content that redirects to another site
    case "media-src":
      markup = `<video src="${resource}?res=media&redir=other&id=media-src-redir"></video>`;
      break;

    // object content that redirects to another site
    case "object-src":
      markup = `<object type="text/html" data="${resource}?res=object&redir=other&id=object-src-redir"></object>`;
      break;

    // external script that redirects to another site
    case "script-src":
      markup = `<script src="${resource}?res=script&redir=other&id=script-src-redir"></script>`;
      break;

    // external stylesheet that redirects to another site
    case "style-src":
      markup = `<link rel="stylesheet" type="text/css" href="${resource}?res=style&redir=other&id=style-src-redir"></link>`;
      break;

    // script that XHRs to a resource that redirects to another site
    case "xhr-src":
      markup = `<script src="${resource}?res=xhr"></script>`;
      break;

    // for bug949706: loads a stylesheet, which in turn loads an image that
    // redirects.
    case "img-src-from-css":
      markup = `<link rel="stylesheet" type="text/css" href="${resource}?res=cssLoader&id=img-src-redir-from-css">`;
      break;

    // Loads a script that launches a worker; the worker's own requests are
    // then redirected:
    // <script src="res=loadWorkerThatMakesRequests">
    //   .. loads Worker("res=makeRequestsWorker")
    //         .. calls importScript("res=script")
    //         .. calls xhr("res=xhr-resp")
    //         .. calls fetch("res=xhr-resp")
    case "from-worker":
      markup = `<script src="${resource}?res=loadWorkerThatMakesRequests&id=from-worker"></script>`;
      break;

    // Same chain as "from-worker", started from
    // <script src="res=loadBlobWorkerThatMakesRequests">.
    case "from-blob-worker":
      markup = `<script src="${resource}?res=loadBlobWorkerThatMakesRequests&id=from-blob-worker"></script>`;
      break;
  }

  // An unrecognised or missing testid gets the headers but an empty body.
  if (markup !== undefined) {
    response.write(markup);
  }
}