[gecko.git] / dom / security / test / csp / file_upgrade_insecure_reporting_server.sjs
// Custom *.sjs written specifically for
// Bug 1139297 - Implement CSP upgrade-insecure-requests directive
4 Components.utils.import("resource://gre/modules/NetUtil.jsm");
// Small red image (PNG), decoded from base64 and served by the "img" branch
// of handleRequest.
const IMG_BYTES = atob(
  [
    "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12",
    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",
  ].join("")
);

// Endpoint named in the report-only policy below; the "?report" query selects
// the report branch of handleRequest in this same file.
const REPORT_URI = "https://example.com/tests/dom/security/test/csp/file_upgrade_insecure_reporting_server.sjs?report";

// Enforced policy (sent as Content-Security-Policy). It carries no report-uri,
// so it does not direct any reports to REPORT_URI.
const POLICY = "upgrade-insecure-requests; default-src https: 'unsafe-inline'";

// Report-only policy (sent as Content-Security-Policy-Report-Only). It is the
// only policy in this file that names a report endpoint.
const POLICY_RO = `default-src https: 'unsafe-inline'; report-uri ${REPORT_URI}`;
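/**
 * Read a file located below the test runner's current working directory and
 * return its contents as a string.
 *
 * The path is split on "/" and appended segment by segment with no further
 * checks. The call in handleRequest passes a fixed literal; keep it that way
 * and never pass request-derived data (query string, headers, body) here.
 *
 * @param {string} path - "/"-separated path relative to the working directory.
 * @returns {string} The file contents.
 */
function loadHTMLFromFile(path) {
  // "CurWorkD" is the cwd of the test runner, so we start there and append
  // each path segment to reach the actual file.
  const testHTMLFile = Components.classes["@mozilla.org/file/directory_service;1"]
    .getService(Components.interfaces.nsIProperties)
    .get("CurWorkD", Components.interfaces.nsIFile);
  for (const segment of path.split("/")) {
    testHTMLFile.append(segment);
  }

  const testHTMLFileStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
    .createInstance(Components.interfaces.nsIFileInputStream);
  testHTMLFileStream.init(testHTMLFile, -1, 0, 0);
  try {
    return NetUtil.readInputStreamToString(
      testHTMLFileStream,
      testHTMLFileStream.available()
    );
  } finally {
    // Release the file handle even if reading throws; the original never
    // closed the stream.
    testHTMLFileStream.close();
  }
}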
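/**
 * Entry point of this .sjs: dispatches on the raw query string.
 *
 *   ?queryresult - parks the response until a report arrives
 *   ?toplevel    - serves the test page with an enforced and a report-only CSP
 *   ?img         - serves the PNG in IMG_BYTES
 *   ?report      - completes the parked ?queryresult response with "report-ok"
 *
 * @param {object} request - Incoming request; only `queryString` is read.
 * @param {object} response - Response to fill in.
 */
function handleRequest(request, response) {
  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  const query = request.queryString;

  // (1) Store the query that will report back whether the violation report was received
  if (query === "queryresult") {
    response.processAsync();
    setObjectState("queryResult", response);
    return;
  }

  // (2) We load a page using a CSP and a report only CSP
  if (query === "toplevel") {
    response.setHeader("Content-Security-Policy", POLICY, false);
    response.setHeader("Content-Security-Policy-Report-Only", POLICY_RO, false);
    response.setHeader("Content-Type", "text/html", false);
    response.write(loadHTMLFromFile("tests/dom/security/test/csp/file_upgrade_insecure_reporting.html"));
    return;
  }

  // (3) Return the image back to the client
  if (query === "img") {
    response.setHeader("Content-Type", "image/png", false);
    response.write(IMG_BYTES);
    return;
  }

  // (4) Finally we receive the report, let's return the request from (1)
  // signaling that we received the report correctly
  // NOTE(review): the request body is never read here, so any request to
  // ?report counts as a received report. The test therefore shows that
  // something was sent to the report endpoint, not what the report contained.
  if (query === "report") {
    getObjectState("queryResult", function (queryResponse) {
      // No parked ?queryresult response yet: the report is dropped silently.
      if (!queryResponse) {
        return;
      }
      queryResponse.write("report-ok");
      queryResponse.finish();
    });
    return;
  }

  // we should never get here, but just in case ...
  response.setHeader("Content-Type", "text/plain", false);
  response.write("doh!");
}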