dom/security/test/csp/file_upgrade_insecure_loopback_server.sjs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

// Custom *.sjs file specifically for the needs of Bug:
// Bug 1447784 - Implement CSP upgrade-insecure-requests directive

function handleRequest(request, response) {
  response.setHeader("Access-Control-Allow-Headers", "content-type", false);
  response.setHeader("Access-Control-Allow-Methods", "GET", false);
  response.setHeader("Access-Control-Allow-Origin", "*", false);

  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  // perform sanity check and make sure that all requests get upgraded to use https
  if (request.scheme !== "https") {
    response.write("request-not-https");
    return;
  } else {
    response.write("request-is-https");
  }

  // we should not get here, but just in case return something unexpected
  response.write("d'oh");
}