tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_x-frame-options_page.sjs (2212B)

      1 // SJS file for X-Frame-Options mochitests
      2 function handleRequest(request, response) {
      3   var query = {};
      4   var BOUNDARY = "BOUNDARYOMG3984";
      5   request.queryString.split("&").forEach(function (val) {
      6     var [name, value] = val.split("=");
      7     query[name] = unescape(value);
      8   });
      9 
     10   if (query.multipart == "1") {
     11     response.setHeader(
     12       "Content-Type",
     13       "multipart/x-mixed-replace;boundary=" + BOUNDARY,
     14       false
     15     );
     16     response.setHeader("Cache-Control", "no-cache", false);
     17     response.setStatusLine(request.httpVersion, 200, "OK");
     18     response.write("--" + BOUNDARY + "\r\n");
     19     response.write("Content-Type: text/html\r\n\r\n");
     20   } else {
     21     response.setHeader("Content-Type", "text/html", false);
     22     response.setHeader("Cache-Control", "no-cache", false);
     23   }
     24 
     25   var testHeaders = {
     26     deny: "DENY",
     27     sameorigin: "SAMEORIGIN",
     28     sameorigin2: "SAMEORIGIN, SAMEORIGIN",
     29     sameorigin3: "SAMEORIGIN,SAMEORIGIN , SAMEORIGIN",
     30     mixedpolicy: "DENY,SAMEORIGIN",
     31 
     32     /* added for bug 836132 */
     33     afa: "ALLOW-FROM http://mochi.test:8888/",
     34     afd: "ALLOW-FROM http://example.com/",
     35     afa1: "ALLOW-FROM http://mochi.test:8888",
     36     afd1: "ALLOW-FROM:example.com",
     37     afd2: "ALLOW-FROM: example.com",
     38     afd3: "ALLOW-FROM example.com",
     39     afd4: "ALLOW-FROM:http://example.com",
     40     afd5: "ALLOW-FROM: http://example.com",
     41     afd6: "ALLOW-FROM http://example.com",
     42     afd7: "ALLOW-FROM:mochi.test:8888",
     43     afd8: "ALLOW-FROM: mochi.test:8888",
     44     afd9: "ALLOW-FROM:http://mochi.test:8888",
     45     afd10: "ALLOW-FROM: http://mochi.test:8888",
     46     afd11: "ALLOW-FROM mochi.test:8888",
     47     afd12: "ALLOW-FROM",
     48     afd13: "ALLOW-FROM ",
     49     afd14: "ALLOW-FROM:",
     50   };
     51 
     52   if (testHeaders.hasOwnProperty(query.xfo)) {
     53     response.setHeader("X-Frame-Options", testHeaders[query.xfo], false);
     54   }
     55 
     56   // from the test harness we'll be checking for the presence of this element
     57   // to test if the page loaded
     58   response.write('<h1 id="test">' + query.testid + "</h1>");
     59 
     60   if (query.testid == "postmessage") {
     61     response.write("<script>parent.opener.postMessage('ok', '*');</script>");
     62   }
     63 
     64   if (query.multipart == "1") {
     65     response.write("\r\n--" + BOUNDARY + "\r\n");
     66   }
     67 }