file_nosniff_testserver.sjs (1569B)
"use strict";

// Test server for X-Content-Type-Options handling. Every response carries the
// same deliberately irregular nosniff header; the query string selects which
// payload is returned and whether its Content-Type matches that payload.
// NOTE(review): the test that consumes these responses is not visible here,
// so the expected client-side outcome per variant must be confirmed there.

const SCRIPT = "var foo = 24;";
const CSS = "body { background-color: green; }";

// small red image (base64 PNG, decoded to a binary string)
const IMG = atob(
  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="
);

/**
 * Serves one of six payload / Content-Type combinations, chosen by the first
 * recognised flag present in the query string.
 *
 * @param request  server request object; only `queryString` is read.
 * @param response server response object; `setHeader` and `write` are called.
 */
function handleRequest(request, response) {
  // [query flag, Content-Type to send, body to send], checked in this order.
  // The "CorrectType" rows use mixed-case MIME types (two of them with a
  // trailing ";blah" parameter); the "WrongType" rows label the same payload
  // as text/html.
  // NOTE(review): presumably this exercises case-insensitive, parameter-
  // tolerant MIME matching under nosniff; confirm against the test.
  const variants = [
    ["cssCorrectType", "teXt/cSs", CSS],
    ["cssWrongType", "text/html", CSS],
    ["scriptCorrectType", "appLIcation/jAvaScriPt;blah", SCRIPT],
    ["scriptWrongType", "text/html", SCRIPT],
    ["imgCorrectType", "iMaGe/pnG;blah", IMG],
    ["imgWrongType", "text/html", IMG],
  ];

  const params = new URLSearchParams(request.queryString);

  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  // The nosniff value is intentionally mixed-case, space-padded and followed
  // by an extra ", foo" token, so the client has to parse the header rather
  // than compare it against the literal string "nosniff".
  response.setHeader("X-Content-Type-Options", " NoSniFF , foo ", false);

  const selected = variants.find(([flag]) => params.has(flag));

  // No recognised flag: we should never get here, but answer anyway.
  const [, contentType, payload] = selected || [null, "text/html", "do'h"];

  response.setHeader("Content-Type", contentType, false);
  response.write(payload);
}