Diffstat (limited to 'dom/security/test/https-first/file_redirect.sjs')
-rw-r--r-- | dom/security/test/https-first/file_redirect.sjs | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/dom/security/test/https-first/file_redirect.sjs b/dom/security/test/https-first/file_redirect.sjs
new file mode 100644
index 0000000000..2042bcbc88
--- /dev/null
+++ b/dom/security/test/https-first/file_redirect.sjs
@@ -0,0 +1,58 @@
+//https://bugzilla.mozilla.org/show_bug.cgi?id=1706351
+
+// Step 1. Send request with redirect queryString (eg. file_redirect.sjs?302)
+// Step 2. Server responds with corresponding redirect code to http://example.com/../file_redirect.sjs?check
+// Step 3. Response from ?check indicates whether the redirected request was secure or not.
+
+const RESPONSE_ERROR = "unexpected-query";
+
+// An onload postmessage to window opener
+const RESPONSE_SECURE = `
+ <html>
+ <body>
+ send onload message...
+ <script type="application/javascript">
+ window.opener.postMessage({result: 'secure'}, '*');
+ </script>
+ </body>
+ </html>`;
+
+const RESPONSE_INSECURE = `
+ <html>
+ <body>
+ send onload message...
+ <script type="application/javascript">
+ window.opener.postMessage({result: 'insecure'}, '*');
+ </script>
+ </body>
+ </html>`;
+
+function handleRequest(request, response) {
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ const query = request.queryString;
+
+ // Send redirect header
+ if ((query >= 301 && query <= 303) || query == 307) {
+ // needs to be a cross site redirect to http://example.com otherwise
+ // our upgrade downgrade endless loop break mechanism kicks in
+ const loc =
+ "http://test1.example.com/tests/dom/security/test/https-first/file_redirect.sjs?check";
+ response.setStatusLine(request.httpVersion, query, "Found");
+ response.setHeader("Location", loc, false);
+ return;
+ }
+
+ // Check if scheme is http:// or https://
+ if (query == "check") {
+ const secure =
+ request.scheme == "https" ? RESPONSE_SECURE : RESPONSE_INSECURE;
+ response.setStatusLine(request.httpVersion, 200, "OK");
+ response.write(secure);
+ return;
+ }
+
+ // This should not happen
+ response.setStatusLine(request.httpVersion, 500, "OK");
+ response.write(RESPONSE_ERROR);
+}
|
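Review bot: `request.queryString` is a string, so the redirect branch of `handleRequest` relies on implicit coercion (`query >= 301 && query <= 303`, `query == 307`) and then hands that raw string to `setStatusLine` with the reason phrase "Found" for every code. Parsing once with `const code = Number.parseInt(query, 10);`, comparing with `===`, and passing `code` would make the accepted inputs explicit and keep forms such as `302.0` from reaching the status line unnormalized. The fallback at the end sends status 500 with the text `"OK"`; `"Internal Server Error"` would match the code and make an unexpected-query failure easier to spot in test logs. The header comment and the inline comment both name `http://example.com`, while `loc` points at `test1.example.com`, so the comments should name the host actually used and say which origin the test is expected to start from.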