const CC = Components.Constructor; const BinaryInputStream = CC( "@mozilla.org/binaryinputstream;1", "nsIBinaryInputStream", "setInputStream" ); Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true); // eslint-disable-next-line complexity function handleRequest(request, response) { var query = {}; request.queryString.split("&").forEach(function (val) { var [name, value] = val.split("="); query[name] = unescape(value); }); var isPreflight = request.method == "OPTIONS"; var bodyStream = new BinaryInputStream(request.bodyInputStream); var bodyBytes = []; while ((bodyAvail = bodyStream.available()) > 0) { Array.prototype.push.apply(bodyBytes, bodyStream.readByteArray(bodyAvail)); } var body = decodeURIComponent( escape(String.fromCharCode.apply(null, bodyBytes)) ); if (query.hop) { query.hop = parseInt(query.hop, 10); hops = JSON.parse(query.hops); var curHop = hops[query.hop - 1]; query.allowOrigin = curHop.allowOrigin; query.allowHeaders = curHop.allowHeaders; query.allowMethods = curHop.allowMethods; query.allowCred = curHop.allowCred; query.noAllowPreflight = curHop.noAllowPreflight; if (curHop.setCookie) { query.setCookie = unescape(curHop.setCookie); } if (curHop.cookie) { query.cookie = unescape(curHop.cookie); } query.noCookie = curHop.noCookie; } // Check that request was correct if (!isPreflight && query.body && body != query.body) { sendHttp500( response, "Wrong body. Expected " + query.body + " got " + body ); return; } if (!isPreflight && "headers" in query) { headers = JSON.parse(query.headers); for (headerName in headers) { // Content-Type is changed if there was a body if ( !(headerName == "Content-Type" && body) && (!request.hasHeader(headerName) || request.getHeader(headerName) != headers[headerName]) ) { var actual = request.hasHeader(headerName) ? request.getHeader(headerName) : ""; sendHttp500( response, "Header " + headerName + " had wrong value. Expected " + headers[headerName] + " got " + actual ); return; } } } if ( isPreflight && "requestHeaders" in query && request.getHeader("Access-Control-Request-Headers") != query.requestHeaders ) { sendHttp500( response, "Access-Control-Request-Headers had wrong value. Expected " + query.requestHeaders + " got " + request.getHeader("Access-Control-Request-Headers") ); return; } if ( isPreflight && "requestMethod" in query && request.getHeader("Access-Control-Request-Method") != query.requestMethod ) { sendHttp500( response, "Access-Control-Request-Method had wrong value. Expected " + query.requestMethod + " got " + request.getHeader("Access-Control-Request-Method") ); return; } if ("origin" in query && request.getHeader("Origin") != query.origin) { sendHttp500( response, "Origin had wrong value. Expected " + query.origin + " got " + request.getHeader("Origin") ); return; } if ("cookie" in query) { cookies = {}; request .getHeader("Cookie") .split(/ *; */) .forEach(function (val) { var [name, value] = val.split("="); cookies[name] = unescape(value); }); query.cookie.split(",").forEach(function (val) { var [name, value] = val.split("="); if (cookies[name] != value) { sendHttp500( response, "Cookie " + name + " had wrong value. Expected " + value + " got " + cookies[name] ); return; } }); } if (query.noCookie && request.hasHeader("Cookie")) { sendHttp500( response, "Got cookies when didn't expect to: " + request.getHeader("Cookie") ); return; } // Send response if (!isPreflight && query.status) { response.setStatusLine(null, query.status, query.statusMessage); } if (isPreflight && query.preflightStatus) { response.setStatusLine(null, query.preflightStatus, "preflight status"); } if (query.allowOrigin && (!isPreflight || !query.noAllowPreflight)) { response.setHeader("Access-Control-Allow-Origin", query.allowOrigin); } if (query.allowCred) { response.setHeader("Access-Control-Allow-Credentials", "true"); } if (query.setCookie) { response.setHeader("Set-Cookie", query.setCookie + "; path=/"); } if (isPreflight) { if (query.allowHeaders) { response.setHeader("Access-Control-Allow-Headers", query.allowHeaders); } if (query.allowMethods) { response.setHeader("Access-Control-Allow-Methods", query.allowMethods); } } else { if (query.responseHeaders) { let responseHeaders = JSON.parse(query.responseHeaders); for (let responseHeader in responseHeaders) { response.setHeader(responseHeader, responseHeaders[responseHeader]); } } if (query.exposeHeaders) { response.setHeader("Access-Control-Expose-Headers", query.exposeHeaders); } } if (!isPreflight && query.hop && query.hop < hops.length) { newURL = hops[query.hop].server + "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?" + "hop=" + (query.hop + 1) + "&hops=" + escape(query.hops); if ("headers" in query) { newURL += "&headers=" + escape(query.headers); } response.setStatusLine(null, 307, "redirect"); response.setHeader("Location", newURL); return; } // Send response body if (!isPreflight && request.method != "HEAD") { response.setHeader("Content-Type", "application/xml", false); response.write("hello pass\n"); } if (isPreflight && "preflightBody" in query) { response.setHeader("Content-Type", "text/plain", false); response.write(query.preflightBody); } } function sendHttp500(response, text) { response.setStatusLine(null, 500, text); }