1 files changed, 58 insertions, 0 deletions

diff --git a/dom/security/test/https-only/file_iframe_test.sjs b/dom/security/test/https-only/file_iframe_test.sjs
new file mode 100644
index 0000000000..611870c87c
--- /dev/null
+++ b/dom/security/test/https-only/file_iframe_test.sjs
@@ -0,0 +1,58 @@
+// Bug 1658264 - HTTPS-Only and iFrames
+// see browser_iframe_test.js
+
+const IFRAME_CONTENT = `
+<!DOCTYPE HTML>
+<html>
+  <head><meta charset="utf-8"></head>
+  <body>Helo Friend!</body>
+</html>`;
+const DOCUMENT_CONTENT = q => `
+<!DOCTYPE HTML>
+<html>
+  <head><meta charset="utf-8"></head>
+  <body>
+    <iframe src="http://example.com/browser/dom/security/test/https-only/file_iframe_test.sjs?com-${q}"></iframe>
+    <iframe src="http://example.org/browser/dom/security/test/https-only/file_iframe_test.sjs?org-${q}"></iframe>
+  </body>
+</html>`;
+
+function handleRequest(request, response) {
+  // avoid confusing cache behaviors
+  response.setHeader("Cache-Control", "no-cache", false);
+  let queryString = request.queryString;
+  const queryScheme = request.scheme;
+
+  // Setup the state with an empty string and return "ok"
+  if (queryString == "setup") {
+    setState("receivedQueries", "");
+    response.write("ok");
+    return;
+  }
+
+  let receivedQueries = getState("receivedQueries");
+
+  // Return result-string
+  if (queryString == "results") {
+    response.write(receivedQueries);
+    return;
+  }
+
+  // Add semicolon to seperate strings
+  if (receivedQueries !== "") {
+    receivedQueries += ";";
+  }
+
+  // Requests from iFrames start with com or org
+  if (queryString.startsWith("com-") || queryString.startsWith("org-")) {
+    receivedQueries += queryString;
+    setState("receivedQueries", `${receivedQueries}-${queryScheme}`);
+    response.write(IFRAME_CONTENT);
+    return;
+  }
+
+  // Everything else has to be a top-level request
+  receivedQueries += `top-${queryString}`;
+  setState("receivedQueries", `${receivedQueries}-${queryScheme}`);
+  response.write(DOCUMENT_CONTENT(queryString));
+}