/** * Custom *.sjs specifically for the needs of * Bug 921493 - CSP: test allowlisting of scheme-relative sources */ function handleRequest(request, response) { Components.utils.importGlobalProperties(["URLSearchParams"]); let query = new URLSearchParams(request.queryString); let scheme = query.get("scheme"); let policy = query.get("policy"); let linkUrl = scheme + "://example.com/tests/dom/security/test/csp/file_scheme_relative_sources.js"; let html = "" + "" + "" + "test schemeless sources within CSP" + "" + " " + "
blocked
" + // try to load a scheme relative script "" + // have an inline script that reports back to the parent whether // the script got loaded or not from within the sandboxed iframe. "" + "" + ""; response.setHeader("Cache-Control", "no-cache", false); response.setHeader("Content-Type", "text/html", false); response.setHeader("Content-Security-Policy", policy, false); response.write(html); }