test_hsts-invalid-headers.sjs (1466B)
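/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";

/**
 * Serves a plain-text page with a deliberately malformed
 * Strict-Transport-Security (HSTS) header, so that a client's header
 * parsing and diagnostics can be exercised.
 *
 * The raw query string selects which malformation is sent. RFC 6797
 * requires a user agent to ignore an STS header that does not conform to
 * the grammar, so none of these values should cause the host to be
 * recorded as an HSTS host.
 *
 * @param {object} request - Incoming request; only `queryString` is read.
 * @param {object} response - Outgoing response; `setHeader` and `write`
 *   are called on it.
 */
function handleRequest(request, response) {
  response.setHeader("Content-Type", "text/plain; charset=utf-8", false);

  let issue;
  switch (request.queryString) {
    case "badSyntax":
      // A lone double quote is not a valid directive at all.
      response.setHeader("Strict-Transport-Security", '"');
      issue = "is not syntactically correct.";
      break;
    case "noMaxAge":
      // The "=" is missing, so this is an unknown directive named
      // "max-age444" and the required max-age directive is absent.
      response.setHeader("Strict-Transport-Security", "max-age444");
      issue = "does not include a max-age directive.";
      break;
    case "invalidIncludeSubDomains":
      // includeSubDomains is a valueless directive; "=abc" makes it invalid.
      // NOTE(review): this header also carries no max-age; which problem the
      // client reports presumably depends on its parse order - confirm.
      response.setHeader("Strict-Transport-Security", "includeSubDomains=abc");
      issue = "includes an invalid includeSubDomains directive.";
      break;
    case "invalidMaxAge":
      // max-age must be a number of seconds (digits only).
      response.setHeader("Strict-Transport-Security", "max-age=abc");
      issue = "includes an invalid max-age directive.";
      break;
    case "multipleIncludeSubDomains":
      // Each directive may appear only once in the header.
      // NOTE(review): this header also carries no max-age; which problem the
      // client reports presumably depends on its parse order - confirm.
      response.setHeader(
        "Strict-Transport-Security",
        "includeSubDomains; includeSubDomains"
      );
      issue = "includes multiple includeSubDomains directives.";
      break;
    case "multipleMaxAge":
      // Each directive may appear only once in the header.
      response.setHeader(
        "Strict-Transport-Security",
        "max-age=444; max-age=999"
      );
      issue = "includes multiple max-age directives.";
      break;
    default:
      // No test case matched: no STS header is sent. Say so explicitly
      // instead of writing "... a STS header that undefined", and do not
      // echo the unrecognized query string back into the body.
      response.write(
        "This page is served without a STS header: unrecognized test case."
      );
      return;
  }

  response.write(`This page is served with a STS header that ${issue}`);
}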