tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

worker.sjs (2560B)

      1 const SJS = "http://mochi.test:8888/tests/dom/security/test/csp/worker.sjs";
      2 
      3 function createFetchWorker(url) {
      4   return `fetch("${url}");`;
      5 }
      6 
      7 function createXHRWorker(url) {
      8   return `
      9     try {
     10       var xhr = new XMLHttpRequest();
     11       xhr.open("GET", "${url}");
     12       xhr.send();
     13     } catch(ex) {}
     14   `;
     15 }
     16 
     17 function createImportScriptsWorker(url) {
     18   return `
     19     try {
     20       importScripts("${url}");
     21     } catch(ex) {}
     22   `;
     23 }
     24 
     25 function createChildWorkerURL(params) {
     26   let url = SJS + "?" + params.toString();
     27   return `new Worker("${url}");`;
     28 }
     29 
     30 function createChildWorkerBlob(params) {
     31   let url = SJS + "?" + params.toString();
     32   return `
     33     try {
     34       var xhr = new XMLHttpRequest();
     35       xhr.open("GET", "${url}");
     36       xhr.responseType = "blob";
     37       xhr.send();
     38       xhr.onload = () => {
     39         new Worker(URL.createObjectURL(xhr.response));};
     40     } catch(ex) {}
     41   `;
     42 }
     43 
     44 function handleRequest(request, response) {
     45   let params = new URLSearchParams(request.queryString);
     46 
     47   let id = params.get("id");
     48   let base = unescape(params.get("base"));
     49   let child = params.has("child") ? params.get("child") : "";
     50 
     51   //avoid confusing cache behaviors
     52   response.setHeader("Cache-Control", "no-cache", false);
     53   response.setHeader("Content-Type", "application/javascript");
     54 
     55   // Deliver the CSP policy encoded in the URL
     56   if (params.has("csp")) {
     57     response.setHeader(
     58       "Content-Security-Policy",
     59       unescape(params.get("csp")),
     60       false
     61     );
     62   }
     63 
     64   if (child) {
     65     let childCsp = params.has("childCsp") ? params.get("childCsp") : "";
     66     params.delete("csp");
     67     params.delete("child");
     68     params.delete("childCsp");
     69     params.append("csp", childCsp);
     70 
     71     switch (child) {
     72       case "blob":
     73         response.write(createChildWorkerBlob(params));
     74         break;
     75 
     76       case "url":
     77         response.write(createChildWorkerURL(params));
     78         break;
     79 
     80       default:
     81         response.setStatusLine(request.httpVersion, 400, "Bad request");
     82         break;
     83     }
     84 
     85     return;
     86   }
     87 
     88   if (params.has("action")) {
     89     switch (params.get("action")) {
     90       case "fetch":
     91         response.write(createFetchWorker(base + "?id=" + id));
     92         break;
     93 
     94       case "xhr":
     95         response.write(createXHRWorker(base + "?id=" + id));
     96         break;
     97 
     98       case "importScripts":
     99         response.write(createImportScriptsWorker(base + "?id=" + id));
    100         break;
    101 
    102       default:
    103         response.setStatusLine(request.httpVersion, 400, "Bad request");
    104         break;
    105     }
    106 
    107     return;
    108   }
    109 
    110   response.write("I don't know action ");
    111 }