summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/worker.sjs
blob: 9176b62cb5a8b9dd9029a1245dd7f5bcee355ca1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
const SJS = "http://mochi.test:8888/tests/dom/security/test/csp/worker.sjs";

function createFetchWorker(url) {
  return `fetch("${url}");`;
}

function createXHRWorker(url) {
  return `
    try {
      var xhr = new XMLHttpRequest();
      xhr.open("GET", "${url}");
      xhr.send();
    } catch(ex) {}
  `;
}

function createImportScriptsWorker(url) {
  return `
    try {
      importScripts("${url}");
    } catch(ex) {}
  `;
}

function createChildWorkerURL(params) {
  let url = SJS + "?" + params.toString();
  return `new Worker("${url}");`;
}

function createChildWorkerBlob(params) {
  let url = SJS + "?" + params.toString();
  return `
    try {
      var xhr = new XMLHttpRequest();
      xhr.open("GET", "${url}");
      xhr.responseType = "blob";
      xhr.send();
      xhr.onload = () => {
        new Worker(URL.createObjectURL(xhr.response));};
    } catch(ex) {}
  `;
}

function handleRequest(request, response) {
  let params = new URLSearchParams(request.queryString);

  let id = params.get("id");
  let base = unescape(params.get("base"));
  let child = params.has("child") ? params.get("child") : "";

  //avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);
  response.setHeader("Content-Type", "application/javascript");

  // Deliver the CSP policy encoded in the URL
  if (params.has("csp")) {
    response.setHeader(
      "Content-Security-Policy",
      unescape(params.get("csp")),
      false
    );
  }

  if (child) {
    let childCsp = params.has("childCsp") ? params.get("childCsp") : "";
    params.delete("csp");
    params.delete("child");
    params.delete("childCsp");
    params.append("csp", childCsp);

    switch (child) {
      case "blob":
        response.write(createChildWorkerBlob(params));
        break;

      case "url":
        response.write(createChildWorkerURL(params));
        break;

      default:
        response.setStatusLine(request.httpVersion, 400, "Bad request");
        break;
    }

    return;
  }

  if (params.has("action")) {
    switch (params.get("action")) {
      case "fetch":
        response.write(createFetchWorker(base + "?id=" + id));
        break;

      case "xhr":
        response.write(createXHRWorker(base + "?id=" + id));
        break;

      case "importScripts":
        response.write(createImportScriptsWorker(base + "?id=" + id));
        break;

      default:
        response.setStatusLine(request.httpVersion, 400, "Bad request");
        break;
    }

    return;
  }

  response.write("I don't know action ");
}