1 // custom *.sjs for Bug 1195172
2 // CSP: 'block-all-mixed-content'
6 "<html><head><meta charset=\"utf-8\">" +
7 "<title>Bug 1195172 - CSP should block font from cache</title>";
10 "<meta http-equiv=\"Content-Security-Policy\" content=\"font-src 'none'\">";
13 "<meta http-equiv=\"Content-Security-Policy\" content=\"font-src *\">";
18 " font-family: myFontTest;" +
19 " src: url(file_fontloader.woff);" +
22 " font-family: myFontTest;" +
26 const POST_HEAD_AND_BODY =
29 "<div> Just testing the font </div>" +
33 function handleRequest(request, response)
35 // avoid confusing cache behaviors
36 response.setHeader("Cache-Control", "no-cache", false);
38 var queryString = request.queryString;
40 if (queryString == "baseline") {
41 response.write(PRE_HEAD + POST_HEAD_AND_BODY);
44 if (queryString == "no-csp") {
45 response.write(PRE_HEAD + CSS + POST_HEAD_AND_BODY);
48 if (queryString == "csp-block") {
49 response.write(PRE_HEAD + CSP_BLOCK + CSS + POST_HEAD_AND_BODY);
52 if (queryString == "csp-allow") {
53 response.write(PRE_HEAD + CSP_ALLOW + CSS + POST_HEAD_AND_BODY);
56 // we should never get here, but just in case return something unexpected
57 response.write("do'h");