server_no_accounts_idtoken.sjs (1696B)
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/
 */

// Constructor for nsIBinaryInputStream instances; the argument passed to
// `new BinaryInputStream(stream)` is forwarded to setInputStream.
const BinaryInputStream = Components.Constructor(
  "@mozilla.org/binaryinputstream;1",
  "nsIBinaryInputStream",
  "setInputStream"
);

/**
 * Drain a binary input stream and return everything it held as one string.
 *
 * Keeps asking the stream how many bytes are available and reads exactly that
 * many until the stream reports nothing left.
 *
 * @param {object} inputStream - stream exposing available() and readBytes(n).
 * @returns {string} the chunks read, concatenated in order.
 */
function readStream(inputStream) {
  const chunks = [];
  for (;;) {
    const pending = inputStream.available();
    if (!(pending > 0)) {
      break;
    }
    chunks.push(inputStream.readBytes(pending));
  }
  return chunks.join("");
}

/**
 * Answer a token request by echoing the request body back as `token`.
 *
 * The request is only served when it is a POST that carries the expected
 * credential cookie, `Sec-Fetch-Dest: webidentity`, and the expected Origin.
 * A wrong method yields 405; a missing or mismatching header yields 400.
 *
 * NOTE(review): the hard-coded cookie value and example.com origin suggest a
 * test fixture - confirm it is never served outside a test harness, since the
 * returned token is the unauthenticated, unsigned request body.
 *
 * @param {object} request - incoming request (method, headers, bodyInputStream).
 * @param {object} response - response object to fill in.
 */
function handleRequest(request, response) {
  const reject = (code, reason) =>
    response.setStatusLine(request.httpVersion, code, reason);

  if (request.method != "POST") {
    reject(405, "Method Not Allowed");
    return;
  }

  // Exact-match gate, evaluated in this order. hasHeader is consulted before
  // getHeader so an absent header is rejected without being read.
  const requiredHeaders = [
    ["Cookie", "credential=authcookieval"],
    ["Sec-Fetch-Dest", "webidentity"],
    ["Origin", "https://example.com"],
  ];
  for (const [name, expected] of requiredHeaders) {
    const matches =
      request.hasHeader(name) && request.getHeader(name) == expected;
    if (!matches) {
      reject(400, "Bad Request");
      return;
    }
  }

  // Credentialed CORS: the allowed origin is a fixed literal rather than a
  // reflection of the request's Origin header, so only that one origin can
  // read the response.
  response.setHeader("Access-Control-Allow-Origin", "https://example.com");
  response.setHeader("Access-Control-Allow-Credentials", "true");
  response.setHeader("Content-Type", "application/json");

  const echoedBody = readStream(new BinaryInputStream(request.bodyInputStream));
  // JSON.stringify escapes the echoed body, so it cannot break out of the
  // JSON string it is placed in.
  const payload = JSON.stringify({ token: echoedBody });
  response.setStatusLine(request.httpVersion, 200, "OK");
  response.write(payload);
}