file_fontloader.sjs (1467B)
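// Custom *.sjs for Bug 1195172.
// CSP under test: the font-src directive (per the page title, a font must
// still be blocked when it would otherwise be served from cache).
//
// The query string selects one of four page variants:
//   baseline   - no stylesheet and no policy (no font load at all)
//   no-csp     - @font-face stylesheet, no policy
//   csp-block  - font-src 'none' followed by the stylesheet
//   csp-allow  - font-src * followed by the stylesheet

const PRE_HEAD =
  "<!DOCTYPE HTML>" +
  '<html><head><meta charset="utf-8">' +
  "<title>Bug 1195172 - CSP should block font from cache</title>";

// Meta-delivered policy that forbids every font load.
const CSP_BLOCK =
  '<meta http-equiv="Content-Security-Policy" content="font-src \'none\'">';

// Meta-delivered policy that permits fonts (wildcard source).
const CSP_ALLOW =
  '<meta http-equiv="Content-Security-Policy" content="font-src *">';

// Stylesheet that triggers the font load; the font file itself is a separate
// resource, so its caching is not governed by the header set in handleRequest.
const CSS =
  "<style>" +
  " @font-face {" +
  " font-family: myFontTest;" +
  " src: url(file_fontloader.woff);" +
  " }" +
  " div {" +
  " font-family: myFontTest;" +
  " }" +
  "</style>";

const POST_HEAD_AND_BODY =
  "</head>" +
  "<body>" +
  "<div> Just testing the font </div>" +
  "</body>" +
  "</html>";

// Extra <head> markup per recognised query string. The policy <meta> always
// precedes the <style>, so the policy is already in effect when the
// @font-face rule is processed. A Map (rather than a plain object) keeps
// inherited keys such as "constructor" from matching.
const HEAD_EXTRAS_BY_QUERY = new Map([
  ["baseline", ""],
  ["no-csp", CSS],
  ["csp-block", CSP_BLOCK + CSS],
  ["csp-allow", CSP_ALLOW + CSS],
]);

/**
 * Serve the page variant named by the request's query string.
 *
 * @param {object} request - server request; only `queryString` is read.
 * @param {object} response - server response; `setHeader` and `write` are
 *   called on it.
 */
function handleRequest(request, response) {
  // avoid confusing cache behaviors: this document is always marked no-cache
  response.setHeader("Cache-Control", "no-cache", false);

  const headExtras = HEAD_EXTRAS_BY_QUERY.get(request.queryString);

  if (headExtras === undefined) {
    // We should never get here, but just in case return something unexpected.
    // The reply is a fixed string: the query string is never echoed back.
    response.write("do'h");
    return;
  }

  response.write(PRE_HEAD + headExtras + POST_HEAD_AND_BODY);
}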