tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_restrictedEventSource.sjs (2699B)

      1 function handleRequest(request, response) {
      2   if (
      3     (request.queryString == "test=user1_xhr" &&
      4       request.hasHeader("Authorization") &&
      5       request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=") ||
      6     (request.queryString == "test=user1_evtsrc" &&
      7       request.hasHeader("Authorization") &&
      8       request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=")
      9   ) {
     10     response.setStatusLine(null, 200, "OK");
     11     response.setHeader("Content-Type", "text/event-stream", false);
     12     response.setHeader(
     13       "Access-Control-Allow-Origin",
     14       "http://mochi.test:8888",
     15       false
     16     );
     17     response.setHeader("Access-Control-Allow-Credentials", "true", false);
     18     response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
     19     if (request.queryString == "test=user1_xhr") {
     20       response.setHeader("Set-Cookie", "test=5c", false);
     21     }
     22     response.write("event: message\ndata: 1\n\n");
     23   } else if (
     24     (request.queryString == "test=user2_xhr" &&
     25       request.hasHeader("Authorization") &&
     26       request.getHeader("Authorization") == "Basic dXNlciAyOnBhc3N3b3JkIDI=") ||
     27     (request.queryString == "test=user2_evtsrc" &&
     28       request.hasHeader("Authorization") &&
     29       request.getHeader("Authorization") == "Basic dXNlciAyOnBhc3N3b3JkIDI=" &&
     30       request.hasHeader("Cookie") &&
     31       request.getHeader("Cookie") == "test=5d")
     32   ) {
     33     response.setStatusLine(null, 200, "OK");
     34     response.setHeader("Content-Type", "text/event-stream", false);
     35     response.setHeader(
     36       "Access-Control-Allow-Origin",
     37       "http://mochi.test:8888",
     38       false
     39     );
     40     response.setHeader("Access-Control-Allow-Credentials", "true", false);
     41     response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
     42     if (request.queryString == "test=user2_xhr") {
     43       response.setHeader("Set-Cookie", "test=5d", false);
     44     }
     45     response.write("event: message\ndata: 1\n\n");
     46   } else if (
     47     request.queryString == "test=user1_xhr" ||
     48     request.queryString == "test=user2_xhr"
     49   ) {
     50     response.setStatusLine(null, 401, "Unauthorized");
     51     response.setHeader("WWW-Authenticate", 'basic realm="restricted"', false);
     52     response.setHeader(
     53       "Access-Control-Allow-Origin",
     54       "http://mochi.test:8888",
     55       false
     56     );
     57     response.setHeader("Access-Control-Allow-Credentials", "true", false);
     58     response.write("Unauthorized");
     59   } else {
     60     response.setStatusLine(null, 403, "Forbidden");
     61     response.setHeader(
     62       "Access-Control-Allow-Origin",
     63       "http://mochi.test:8888",
     64       false
     65     );
     66     response.setHeader("Access-Control-Allow-Credentials", "true", false);
     67     response.write("Forbidden");
     68   }
     69 }