summaryrefslogtreecommitdiffstats
path: root/browser/base/content/test/about/xfo_iframe.sjs
blob: e8a6352ce038ab9fa22250cb9024257b58108099 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

function handleRequest(request, response) {
  // let's enjoy the amazing XFO setting
  response.setHeader("X-Frame-Options", "SAMEORIGIN");

  // let's avoid caching issues
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Cache-Control", "no-cache", false);

  // everything is fine - no needs to worry :)
  response.setStatusLine(request.httpVersion, 200);

  response.setHeader("Content-Type", "text/html", false);
  let txt =
    "<html><head><title>XFO page</title></head>" +
    "<body><h1>" +
    "XFO blocked page opened in new window!" +
    "</h1></body></html>";
  response.write(txt);

  let cookie = request.hasHeader("Cookie")
    ? request.getHeader("Cookie")
    : "<html><body>" +
      "<h2 id='strictCookie'>No same site strict cookie header</h2></body>" +
      "</html>";
  response.write(cookie);

  if (!request.hasHeader("Cookie")) {
    let strictCookie = `matchaCookie=creamy; Domain=.example.org; SameSite=Strict`;
    response.setHeader("Set-Cookie", strictCookie);
  }
}