diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/csp/file_redirects_page.sjs | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_redirects_page.sjs b/dom/security/test/csp/file_redirects_page.sjs new file mode 100644 index 0000000000..31c951cc65 --- /dev/null +++ b/dom/security/test/csp/file_redirects_page.sjs @@ -0,0 +1,141 @@ +// SJS file for CSP redirect mochitests +// This file serves pages which can optionally specify a Content Security Policy +function handleRequest(request, response) { + var query = {}; + request.queryString.split("&").forEach(function (val) { + var [name, value] = val.split("="); + query[name] = unescape(value); + }); + + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + + var resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs"; + + // CSP header value + response.setHeader( + "Content-Security-Policy", + "default-src 'self' blob: ; style-src 'self' 'unsafe-inline'", + false + ); + + // downloadable font that redirects to another site + if (query.testid == "font-src") { + var resp = + '<style type="text/css"> @font-face { font-family:' + + '"Redirecting Font"; src: url("' + + resource + + '?res=font&redir=other&id=font-src-redir")} #test{font-family:' + + '"Redirecting Font"}</style></head><body>' + + '<div id="test">test</div></body>'; + response.write(resp); + return; + } + + // iframe that redirects to another site + if (query.testid == "frame-src") { + response.write( + '<iframe src="' + + resource + + '?res=iframe&redir=other&id=frame-src-redir"></iframe>' + ); + return; + } + + // image that redirects to another site + if (query.testid == "img-src") { + response.write( + '<img src="' + resource + '?res=image&redir=other&id=img-src-redir" />' + ); + return; + } + + // video content that redirects to another site + if (query.testid == "media-src") { + response.write( + '<video src="' + + resource + + '?res=media&redir=other&id=media-src-redir"></video>' + ); + return; + } + + // object content that redirects to another site + if (query.testid == "object-src") { + response.write( + '<object type="text/html" data="' + + resource + + '?res=object&redir=other&id=object-src-redir"></object>' + ); + return; + } + + // external script that redirects to another site + if (query.testid == "script-src") { + response.write( + '<script src="' + + resource + + '?res=script&redir=other&id=script-src-redir"></script>' + ); + return; + } + + // external stylesheet that redirects to another site + if (query.testid == "style-src") { + response.write( + '<link rel="stylesheet" type="text/css" href="' + + resource + + '?res=style&redir=other&id=style-src-redir"></link>' + ); + return; + } + + // script that XHR's to a resource that redirects to another site + if (query.testid == "xhr-src") { + response.write('<script src="' + resource + '?res=xhr"></script>'); + return; + } + + // for bug949706 + if (query.testid == "img-src-from-css") { + // loads a stylesheet, which in turn loads an image that redirects. + response.write( + '<link rel="stylesheet" type="text/css" href="' + + resource + + '?res=cssLoader&id=img-src-redir-from-css">' + ); + return; + } + + if (query.testid == "from-worker") { + // loads a script; launches a worker; that worker uses importscript; which then gets redirected + // So it's: + // <script src="res=loadWorkerThatMakesRequests"> + // .. loads Worker("res=makeRequestsWorker") + // .. calls importScript("res=script") + // .. calls xhr("res=xhr-resp") + // .. calls fetch("res=xhr-resp") + response.write( + '<script src="' + + resource + + '?res=loadWorkerThatMakesRequests&id=from-worker"></script>' + ); + return; + } + + if (query.testid == "from-blob-worker") { + // loads a script; launches a worker; that worker uses importscript; which then gets redirected + // So it's: + // <script src="res=loadBlobWorkerThatMakesRequests"> + // .. loads Worker("res=makeRequestsWorker") + // .. calls importScript("res=script") + // .. calls xhr("res=xhr-resp") + // .. calls fetch("res=xhr-resp") + response.write( + '<script src="' + + resource + + '?res=loadBlobWorkerThatMakesRequests&id=from-blob-worker"></script>' + ); + return; + } +} |