diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
| commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
| tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/csp/file_fontloader.sjs | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-upstream.tar.xz firefox-esr-upstream.zip | |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp/file_fontloader.sjs')
| -rw-r--r-- | dom/security/test/csp/file_fontloader.sjs | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_fontloader.sjs b/dom/security/test/csp/file_fontloader.sjs new file mode 100644 index 0000000000..b9b5e602fe --- /dev/null +++ b/dom/security/test/csp/file_fontloader.sjs @@ -0,0 +1,57 @@ +// custom *.sjs for Bug 1195172 +// CSP: 'block-all-mixed-content' + +const PRE_HEAD = + "<!DOCTYPE HTML>" + + '<html><head><meta charset="utf-8">' + + "<title>Bug 1195172 - CSP should block font from cache</title>"; + +const CSP_BLOCK = + '<meta http-equiv="Content-Security-Policy" content="font-src \'none\'">'; + +const CSP_ALLOW = + '<meta http-equiv="Content-Security-Policy" content="font-src *">'; + +const CSS = + "<style>" + + " @font-face {" + + " font-family: myFontTest;" + + " src: url(file_fontloader.woff);" + + " }" + + " div {" + + " font-family: myFontTest;" + + " }" + + "</style>"; + +const POST_HEAD_AND_BODY = + "</head>" + + "<body>" + + "<div> Just testing the font </div>" + + "</body>" + + "</html>"; + +function handleRequest(request, response) { + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + var queryString = request.queryString; + + if (queryString == "baseline") { + response.write(PRE_HEAD + POST_HEAD_AND_BODY); + return; + } + if (queryString == "no-csp") { + response.write(PRE_HEAD + CSS + POST_HEAD_AND_BODY); + return; + } + if (queryString == "csp-block") { + response.write(PRE_HEAD + CSP_BLOCK + CSS + POST_HEAD_AND_BODY); + return; + } + if (queryString == "csp-allow") { + response.write(PRE_HEAD + CSP_ALLOW + CSS + POST_HEAD_AND_BODY); + return; + } + // we should never get here, but just in case return something unexpected + response.write("do'h"); +} |