
file_same_site_cookies_about.sjs (2873B)


// Custom *.sjs request handler written for the tests of Bug 1454721.

// Small red PNG image, kept as base64 text and decoded once into a binary
// string when the script is loaded.
const IMG_BYTES = atob(
  [
    "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12",
    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",
  ].join("")
);

// Iframe markup that loads this handler's "?inclusion" endpoint. The src
// attribute is single-quoted on purpose: handleRequest embeds this markup
// inside a double-quoted srcdoc attribute and inside a double-quoted JS
// string, so a double quote here would end those contexts early.
const IFRAME_INC = `<iframe src='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?inclusion'></iframe>`;
     10 
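/**
 * Builds the HTML page that reports the request's Cookie header to an
 * ancestor window through postMessage.
 *
 * The cookie value is emitted with JSON.stringify and every "<" is written
 * as \u003c, so a header containing quotes, backslashes, line breaks or
 * "</script>" stays inside the string literal instead of altering the
 * generated script. For a plain value such as "myKey=mySameSiteAboutCookie"
 * the output is identical to simple quoting.
 *
 * @param {object} request - Request object; only hasHeader() and getHeader()
 *   are used.
 * @param {string} targetWindow - JS expression naming the window to message.
 *   Always a constant supplied by handleRequest, never request data.
 * @returns {string} The HTML document to write to the response.
 */
function cookieReportPage(request, targetWindow) {
  const cookies = request.hasHeader("Cookie")
    ? request.getHeader("Cookie")
    : "";
  const cookieLiteral = JSON.stringify(cookies).replace(/</g, "\\u003c");

  // The '*' targetOrigin is unchanged from the original fixture: the message
  // is delivered to the target window whatever its origin is.
  // NOTE(review): this hands the Cookie header to any embedding document, so
  // the pattern must stay confined to test fixtures.
  return `
      <!DOCTYPE html>
      <html>
      <body>
        <script type="application/javascript">
          ${targetWindow}.postMessage({result: ${cookieLiteral} }, '*');
        </script>
      </body>
      </html>
    `;
}

/**
 * Entry point of this .sjs test handler. Dispatches on the query string:
 *
 * - "setSameSiteCookie..."  sets a SameSite=Strict cookie and returns a PNG
 * - "loadsrcdocframeNav"    srcdoc iframe that navigates to "?navigation"
 * - "loadblankframeNav"     about:blank iframe that navigates to "?navigation"
 * - "loadsrcdocframeInc"    srcdoc iframe embedding the "?inclusion" iframe
 * - "loadblankframeInc"     about:blank iframe that gets the "?inclusion"
 *                           iframe written into it
 * - "navigation"            page posting the received cookies to its parent
 * - "inclusion"             page posting the received cookies three windows up
 *
 * Every branch returns after writing its response; the original fell through
 * from the two cookie-report branches and appended "D'oh" to their HTML.
 *
 * @param {object} request - Exposes queryString, hasHeader() and getHeader().
 * @param {object} response - Exposes setHeader() and write().
 */
function handleRequest(request, response) {
  const query = request.queryString;

  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  // Prefix match only: whatever follows the keyword is ignored (presumably a
  // random cache-busting suffix added by the test - confirm against caller).
  if (query.startsWith("setSameSiteCookie")) {
    response.setHeader(
      "Set-Cookie",
      "myKey=mySameSiteAboutCookie; samesite=strict",
      true
    );
    response.setHeader("Content-Type", "image/png");
    response.write(IMG_BYTES);
    return;
  }

  // navigation tests
  if (query.includes("loadsrcdocframeNav")) {
    const frame = `
      <iframe srcdoc="foo"
       onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?navigation'">
      </iframe>`;
    response.write(frame);
    return;
  }

  if (query.includes("loadblankframeNav")) {
    const frame = `
      <iframe src="about:blank"
       onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?navigation'">
      </iframe>`;
    response.write(frame);
    return;
  }

  // inclusion tests
  if (query.includes("loadsrcdocframeInc")) {
    // IFRAME_INC contains no double quote, so it cannot end the attribute.
    response.write('<iframe srcdoc="' + IFRAME_INC + '"></iframe>');
    return;
  }

  if (query.includes("loadblankframeInc")) {
    // IFRAME_INC is a fixed constant, so placing it inside the double-quoted
    // JS string below is safe; request data must never be interpolated here.
    const frame = `
      <iframe id="blankframe" src="about:blank"></iframe>
      <script>
        document.getElementById("blankframe").contentDocument.write("${IFRAME_INC}");
      <\/script>`;
    response.write(frame);
    return;
  }

  // Cookie reports: echo the Cookie header that arrived with this request.
  if (query.includes("navigation")) {
    response.write(cookieReportPage(request, "window.parent"));
    return;
  }

  if (query.includes("inclusion")) {
    response.write(cookieReportPage(request, "window.parent.parent.parent"));
    return;
  }

  // we should never get here, but just in case return something unexpected
  response.write("D'oh");
}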