1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
const SJS = "http://mochi.test:8888/tests/dom/security/test/csp/worker.sjs";
function createFetchWorker(url) {
return `fetch("${url}");`;
}
function createXHRWorker(url) {
return `
try {
var xhr = new XMLHttpRequest();
xhr.open("GET", "${url}");
xhr.send();
} catch(ex) {}
`;
}
function createImportScriptsWorker(url) {
return `
try {
importScripts("${url}");
} catch(ex) {}
`;
}
function createChildWorkerURL(params) {
let url = SJS + "?" + params.toString();
return `new Worker("${url}");`;
}
function createChildWorkerBlob(params) {
let url = SJS + "?" + params.toString();
return `
try {
var xhr = new XMLHttpRequest();
xhr.open("GET", "${url}");
xhr.responseType = "blob";
xhr.send();
xhr.onload = () => {
new Worker(URL.createObjectURL(xhr.response));};
} catch(ex) {}
`;
}
function handleRequest(request, response) {
let params = new URLSearchParams(request.queryString);
let id = params.get("id");
let base = unescape(params.get("base"));
let child = params.has("child") ? params.get("child") : "";
//avoid confusing cache behaviors
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "application/javascript");
// Deliver the CSP policy encoded in the URL
if (params.has("csp")) {
response.setHeader(
"Content-Security-Policy",
unescape(params.get("csp")),
false
);
}
if (child) {
let childCsp = params.has("childCsp") ? params.get("childCsp") : "";
params.delete("csp");
params.delete("child");
params.delete("childCsp");
params.append("csp", childCsp);
switch (child) {
case "blob":
response.write(createChildWorkerBlob(params));
break;
case "url":
response.write(createChildWorkerURL(params));
break;
default:
response.setStatusLine(request.httpVersion, 400, "Bad request");
break;
}
return;
}
if (params.has("action")) {
switch (params.get("action")) {
case "fetch":
response.write(createFetchWorker(base + "?id=" + id));
break;
case "xhr":
response.write(createXHRWorker(base + "?id=" + id));
break;
case "importScripts":
response.write(createImportScriptsWorker(base + "?id=" + id));
break;
default:
response.setStatusLine(request.httpVersion, 400, "Bad request");
break;
}
return;
}
response.write("I don't know action ");
}
|