
file_frameancestors.sjs (2419B)


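// SJS file for CSP frame ancestor mochitests

/**
 * Serves the resources used by the CSP frame-ancestors mochitests, chosen by
 * query-string parameters:
 *
 *   csp            - value sent back as the Content-Security-Policy header
 *   scriptedreport - serve a script that posts "frameLoaded" to an ancestor
 *                    window, using this value as the test name
 *   internalframe  - serve an HTML page with this markup as its body, plus a
 *                    reporting <script> that carries `testid`
 *   externalframe  - serve an HTML page with this markup as its body and no
 *                    reporting script
 *   double         - the reporting script targets one more `.parent` level
 *   testid         - test name forwarded to the reporting script
 *
 * The first matching mode wins, in the order scriptedreport, internalframe,
 * externalframe; with none of them an error page is served.
 *
 * NOTE(review): `csp`, `internalframe` and `externalframe` are reflected
 * into the response header or body without escaping. That looks deliberate
 * (the markup is the test payload), so this handler should only ever be
 * reachable from the test harness - confirm it is not served elsewhere.
 *
 * @param {object} request - request object; `queryString` is read.
 * @param {object} response - response object; `setHeader` and `write` are called.
 */
function handleRequest(request, response) {
  // Parse "a=b&c=d" into a lookup. A pair with no "=" is stored as the
  // string "undefined", because unescape() stringifies its argument.
  const query = {};
  for (const pair of request.queryString.split("&")) {
    const [name, value] = pair.split("=");
    query[name] = unescape(value);
  }

  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  // grab the desired policy from the query, and then serve a page
  // (the value was already unescaped once while parsing; the second
  // unescape() is kept so doubly-encoded policies still decode as before)
  if (query.csp) {
    response.setHeader("Content-Security-Policy", unescape(query.csp), false);
  }

  if (query.scriptedreport) {
    // spit back a script that records that the page loaded
    response.setHeader("Content-Type", "text/javascript", false);
    const target = query.double
      ? "window.parent.parent.parent"
      : "window.parent.parent";
    // JSON.stringify() emits a correctly quoted and escaped string literal,
    // so a test name containing quotes or backslashes cannot break out of
    // it. For plain identifiers the output is byte-identical to quoting by
    // hand. `uri` is sent as the literal text "window.location.toString()",
    // not the evaluated location; left unchanged because the consuming
    // tests are not visible here.
    response.write(
      target +
        '.postMessage({call: "frameLoaded", testname: ' +
        JSON.stringify(query.scriptedreport) +
        ', uri: "window.location.toString()"}, "*");'
    );
  } else if (query.internalframe) {
    // spit back an internal iframe (one that might be blocked)
    response.setHeader("Content-Type", "text/html", false);
    response.write("<html><head>");
    // Percent-encode testid so it stays inside the double-quoted src
    // attribute and inside its own query parameter; the nested request
    // decodes it again when it parses its query string.
    response.write(
      '<script src="file_frameancestors.sjs?' +
        (query.double ? "double=1&" : "") +
        "scriptedreport=" +
        encodeURIComponent(query.testid) +
        '"></script>'
    );
    response.write("</head><body>");
    response.write(unescape(query.internalframe));
    response.write("</body></html>");
  } else if (query.externalframe) {
    // spit back an external iframe (one that won't be blocked, and probably
    // has no CSP)
    response.setHeader("Content-Type", "text/html", false);
    response.write("<html><head>");
    response.write("</head><body>");
    response.write(unescape(query.externalframe));
    response.write("</body></html>");
  } else {
    // default case: error.
    response.setHeader("Content-Type", "text/html", false);
    response.write("<html><body>");
    response.write("ERROR: not sure what to serve.");
    response.write("</body></html>");
  }
}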