file_bug1505412.sjs (1376B)
1 // https://bugzilla.mozilla.org/show_bug.cgi?id=650386 2 // This SJS file serves file_redirect_content.html 3 // with a CSP that will trigger a violation and that will report it 4 // to file_redirect_report.sjs 5 // 6 // This handles 301, 302, 303 and 307 redirects. The HTTP status code 7 // returned/type of redirect to do comes from the query string 8 // parameter passed in from the test_bug650386_* files and then also 9 // uses that value in the report-uri parameter of the CSP 10 function handleRequest(request, response) { 11 response.setHeader("Cache-Control", "no-cache", false); 12 13 // this gets used in the CSP as part of the report URI. 14 var redirect = request.queryString; 15 16 if (!redirect) { 17 // if we somehow got some bogus redirect code here, 18 // do a 302 redirect to the same URL as the report URI 19 // redirects to - this will fail the test. 20 var loc = 21 "http://sub1.test1.example.org/tests/dom/security/test/csp/file_bug1505412.sjs?redirected"; 22 response.setStatusLine("1.1", 302, "Found"); 23 response.setHeader("Location", loc, false); 24 return; 25 } 26 27 // response.setHeader("content-type", "text/application", false); 28 // the actual file content. 29 // this image load will (intentionally) fail due to the CSP policy of default-src: 'self' 30 // specified by the CSP string above. 31 var content = "info('Script Loaded')"; 32 33 response.write(content); 34 }