file_upgrade_insecure_loopback_server.sjs (806B)
1 // Custom *.sjs file specifically for the needs of Bug: 2 // Bug 1447784 - Implement CSP upgrade-insecure-requests directive 3 4 function handleRequest(request, response) { 5 response.setHeader("Access-Control-Allow-Headers", "content-type", false); 6 response.setHeader("Access-Control-Allow-Methods", "GET", false); 7 response.setHeader("Access-Control-Allow-Origin", "*", false); 8 9 // avoid confusing cache behaviors 10 response.setHeader("Cache-Control", "no-cache", false); 11 12 // perform sanity check and make sure that all requests get upgraded to use https 13 if (request.scheme !== "https") { 14 response.write("request-not-https"); 15 return; 16 } else { 17 response.write("request-is-https"); 18 } 19 20 // we should not get here, but just in case return something unexpected 21 response.write("d'oh"); 22 }