file_break_endless_upgrade_downgrade_loop.sjs (3246B)
1 "use strict"; 2 3 // DOWNGRADE_REDIRECT_*: http instead of https, otherwise same path 4 const DOWNGRADE_REDIRECT_META = ` 5 <html> 6 <head> 7 <meta http-equiv="refresh" content="0; url='http://example.com/tests/dom/security/test/https-first/file_break_endless_upgrade_downgrade_loop.sjs?downgrade_redirect_meta'"> 8 </head> 9 <body> 10 META REDIRECT 11 </body> 12 </html>`; 13 14 const DOWNGRADE_REDIRECT_JS = ` 15 <html> 16 <body> 17 JS REDIRECT 18 <script> 19 let url= "http://example.com/tests/dom/security/test/https-first/file_break_endless_upgrade_downgrade_loop.sjs?downgrade_redirect_js"; 20 window.location = url; 21 </script> 22 </body> 23 </html>`; 24 25 // REDIRECT_*: different path and http instead of https 26 const REDIRECT_META = ` 27 <html> 28 <head> 29 <meta http-equiv="refresh" content="0; url='http://example.com/tests/dom/security/test/https-first/file_downgrade_with_different_path.sjs?redirect_meta'"> 30 </head> 31 <body> 32 META REDIRECT 33 </body> 34 </html>`; 35 36 const REDIRECT_JS = ` 37 <html> 38 <body> 39 JS REDIRECT 40 <script> 41 let url= "http://example.com/tests/dom/security/test/https-first/file_downgrade_with_different_path.sjs?redirect_js"; 42 window.location = url; 43 </script> 44 </body> 45 </html>`; 46 47 // An onload postmessage to window opener 48 const RESPONSE_HTTP_SCHEME = ` 49 <html> 50 <body> 51 <script type="application/javascript"> 52 window.opener.postMessage({result: 'scheme-http-'+window.location}, '*'); 53 </script> 54 </body> 55 </html>`; 56 57 function handleRequest(request, response) { 58 response.setHeader("Cache-Control", "no-cache", false); 59 60 if (request.scheme == "https") { 61 // allow http status code as parameter 62 const query = request.queryString.split("="); 63 if (query[0] == "downgrade_redirect_http") { 64 let location = `http://${request.host}${request.path}?${request.queryString}`; 65 response.setStatusLine(request.httpVersion, query[1], "Found"); 66 response.setHeader("Location", location, false); 67 } else if (query[0] == "redirect_http") { 68 response.setStatusLine(request.httpVersion, query[1], "Found"); 69 let location = 70 "http://example.com/tests/dom/security/test/https-first/file_downgrade_with_different_path.sjs?" + 71 request.queryString; 72 response.setHeader("Location", location, false); 73 } else if (query[0] == "downgrade_redirect_js") { 74 response.setStatusLine(request.httpVersion, 200, "OK"); 75 response.write(DOWNGRADE_REDIRECT_JS); 76 } else if (query[0] == "redirect_js") { 77 response.setStatusLine(request.httpVersion, 200, "OK"); 78 response.write(REDIRECT_JS); 79 } else if (query[0] == "downgrade_redirect_meta") { 80 response.setStatusLine(request.httpVersion, 200, "OK"); 81 response.write(DOWNGRADE_REDIRECT_META); 82 } else if (query[0] == "redirect_meta") { 83 response.setStatusLine(request.httpVersion, 200, "OK"); 84 response.write(REDIRECT_META); 85 } else { 86 // We should never get here, but just in case ... 87 response.setStatusLine(request.httpVersion, 500, "OK"); 88 response.write("unexepcted query"); 89 } 90 return; 91 } 92 93 // return http response 94 response.setStatusLine(request.httpVersion, 200, "OK"); 95 response.write(RESPONSE_HTTP_SCHEME); 96 }