toolkit/components/httpsonlyerror/tests/browser/file_upgrade_insecure_server.sjs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

// Serverside Javascript for browser_exception.js
// Bug 1625156 - Error page for HTTPS Only Mode

const expectedQueries = ["content", "img", "iframe", "xhr", "nestedimg"];
const TOTAL_EXPECTED_REQUESTS = expectedQueries.length;

const CONTENT = path => `
<!DOCTYPE HTML>
<html>
  <head>
    <meta charset='utf-8'>
  </head>
  <body>
    <p>Insecure website</p>
    <script type="application/javascript">
      var myXHR = new XMLHttpRequest();
      myXHR.open("GET", "${path}file_upgrade_insecure_server.sjs?xhr");
      myXHR.send(null);
    </script>
    <img src='${path}file_upgrade_insecure_server.sjs?img'></img>
    <iframe src="${path}file_upgrade_insecure_server.sjs?iframe"></iframe>
  </body>
</html>`;

const IFRAME_CONTENT = path => `
<!DOCTYPE HTML>
<html>
  <head>
    <meta charset='utf-8'>
  </head>
  <body>
    <p>Nested insecure website</p>
    <img src='${path}file_upgrade_insecure_server.sjs?nestedimg'></img>
  </body>
</html>`;

function handleRequest(request, response) {
  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);
  var queryString = request.queryString;

  // initialize server variables and save the object state
  // of the initial request, which returns async once the
  // server has processed all requests.
  if (queryString.startsWith("queryresult")) {
    response.processAsync();
    setState("totaltests", TOTAL_EXPECTED_REQUESTS.toString());
    setState("receivedQueries", "");
    setState("rootPath", /=(.+)/.exec(queryString)[1]);
    setObjectState("queryResult", response);
    return;
  }

  // just in case error handling for unexpected queries
  if (!expectedQueries.includes(queryString)) {
    response.write("unexpected-response");
    return;
  }

  // make sure all the requested queries are indeed http
  const testResult =
    queryString + (request.scheme == "http" ? "-ok" : "-error");

  var receivedQueries = getState("receivedQueries");

  // images, scripts, etc. get queried twice, do not
  // confuse the server by storing the preload as
  // well as the actual load. If either the preload
  // or the actual load is not https, then we would
  // append "-error" in the array and the test would
  // fail at the end.
  if (receivedQueries.includes(testResult)) {
    return;
  }

  // append the result to the total query string array
  if (receivedQueries != "") {
    receivedQueries += ",";
  }
  receivedQueries += testResult;
  setState("receivedQueries", receivedQueries);

  // keep track of how many more requests the server
  // is expecting
  var totaltests = parseInt(getState("totaltests"));
  totaltests -= 1;
  setState("totaltests", totaltests.toString());

  // Respond with html content
  if (queryString == "content") {
    response.write(CONTENT(getState("rootPath")));
  } else if (queryString == "iframe") {
    response.write(IFRAME_CONTENT(getState("rootPath")));
  }

  // if we have received all the requests, we return
  // the result back.
  if (totaltests == 0) {
    getObjectState("queryResult", function (queryResponse) {
      if (!queryResponse) {
        return;
      }
      var receivedQueries = getState("receivedQueries");
      queryResponse.write(receivedQueries);
      queryResponse.finish();
    });
  }
}