
file_same_site_cookies_iframe.sjs (2748B)


      1 // Custom *.sjs file specifically for the needs of Bug 1454027
      2 
      // Small red image, kept base64-encoded so this file stays plain text.
      // It is the response body on the cookie-setting path of handleRequest.
      const IMG_BYTES = atob(
        [
          "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12",
          "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",
        ].join("")
      );
      8 
      // Intermediate page for the navigation tests: it holds a single link back
      // to this .sjs (no query string) and clicks it from script, so the frame
      // navigates itself to the cookie-reporting page served by handleRequest.
      // Built line by line so the served markup does not depend on how this
      // source file is indented.
      const NESTED_IFRAME_NAVIGATION = [
        "",
        "  <html>",
        "  <body>",
        '    <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a>',
        '    <script type="application/javascript">',
        '      let link = document.getElementById("testlink");',
        "      link.click();",
        "    <\/script>",
        "  </body>",
        "  </html>",
      ].join("\n");
     19 
     // Intermediate page for the inclusion tests: it embeds this .sjs (no query
     // string) in a child iframe and relays the first message it receives to
     // its own parent.
     // NOTE(review): the relay neither checks event.origin nor names a target
     // origin ('*'). That is tolerable for a test fixture whose only payload is
     // a test cookie; outside a test harness both should be pinned.
     const NESTED_IFRAME_INCLUSION = [
       "",
       "  <html>",
       "  <body>",
       '    <script type="application/javascript">',
       "    // simply passing on the message from the child to parent",
       '    window.addEventListener("message", receiveMessage);',
       "    function receiveMessage(event) {",
       '      window.removeEventListener("message", receiveMessage);',
       `      window.parent.postMessage({result: event.data.result}, '*');`,
       "    }",
       "    <\/script>",
       '    <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe>',
       "  </body>",
       "  </html>",
     ].join("\n");
     34 
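     /**
      * Serves every response used by the SameSite-cookie-in-iframe tests
      * (Bug 1454027), selected by the request's query string:
      *
      *   setSameSiteCookie...           sets the SameSite=Strict test cookie, returns an image
      *   nestedIframeNavigation         intermediate page that navigates itself back here
      *   nestedSandboxIframeNavigation  same page, served with a CSP sandbox
      *   nestedIframeInclusion          intermediate page that embeds this .sjs in an iframe
      *   nestedSandboxIframeInclusion   same page, served with a CSP sandbox
      *   (anything else)                page that posts the received Cookie header to its parent
      *
      * @param request  server request object; reads queryString, hasHeader(), getHeader()
      * @param response server response object; uses setHeader() and write()
      */
     function handleRequest(request, response) {
       // avoid confusing cache behaviors
       response.setHeader("Cache-Control", "no-cache", false);

       const query = request.queryString;

       // Prefix match on purpose: per the original note, callers append a random
       // value after the keyword, and that suffix is ignored here.
       if (query.startsWith("setSameSiteCookie")) {
         // Only the SameSite attribute is under test, so the cookie carries no
         // other attributes.
         response.setHeader(
           "Set-Cookie",
           "myKey=mySameSiteIframeTestCookie; samesite=strict",
           true
         );
         response.setHeader("Content-Type", "image/png");
         response.write(IMG_BYTES);
         return;
       }

       // navigation tests
       if (query === "nestedIframeNavigation") {
         response.write(NESTED_IFRAME_NAVIGATION);
         return;
       }

       if (query === "nestedSandboxIframeNavigation") {
         // "sandbox allow-scripts" without allow-same-origin: scripts still run,
         // but the document is treated as having an opaque origin.
         response.setHeader(
           "Content-Security-Policy",
           "sandbox allow-scripts",
           false
         );
         response.write(NESTED_IFRAME_NAVIGATION);
         return;
       }

       // inclusion tests
       if (query === "nestedIframeInclusion") {
         response.write(NESTED_IFRAME_INCLUSION);
         return;
       }

       if (query === "nestedSandboxIframeInclusion") {
         response.setHeader(
           "Content-Security-Policy",
           "sandbox allow-scripts",
           false
         );
         response.write(NESTED_IFRAME_INCLUSION);
         return;
       }

       // Default: report the cookies this request arrived with.
       const cookies = request.hasHeader("Cookie")
         ? request.getHeader("Cookie")
         : "";

       // The Cookie header is request-controlled and is written into an inline
       // <script>. Emit it as a JSON string literal so quotes and backslashes are
       // escaped, and write "<" as \u003c so the value can never close the script
       // element. For ordinary cookie values the output is the same as before.
       const cookieLiteral = JSON.stringify(cookies).replace(/</g, "\\u003c");

       // '*' as target origin is acceptable only because this is a test fixture
       // whose payload is a test cookie.
       response.write(
         [
           "",
           "    <!DOCTYPE html>",
           "    <html>",
           "    <head>",
           "      <title>Bug 1454027 - Update SameSite cookie handling inside iframes</title>",
           "    </head>",
           "    <body>",
           '      <script type="application/javascript">',
           `        window.parent.postMessage({result: ${cookieLiteral} }, '*');`,
           "      <\/script>",
           "    </body>",
           "    </html>",
           "  ",
         ].join("\n")
       );
     }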