file_redirect.sjs (1818B)
1 //https://bugzilla.mozilla.org/show_bug.cgi?id=1706351 2 3 // Step 1. Send request with redirect queryString (eg. file_redirect.sjs?302) 4 // Step 2. Server responds with corresponding redirect code to http://example.com/../file_redirect.sjs?check 5 // Step 3. Response from ?check indicates whether the redirected request was secure or not. 6 7 const RESPONSE_ERROR = "unexpected-query"; 8 9 // An onload postmessage to window opener 10 const RESPONSE_SECURE = ` 11 <html> 12 <body> 13 send onload message... 14 <script type="application/javascript"> 15 window.opener.postMessage({result: 'secure'}, '*'); 16 </script> 17 </body> 18 </html>`; 19 20 const RESPONSE_INSECURE = ` 21 <html> 22 <body> 23 send onload message... 24 <script type="application/javascript"> 25 window.opener.postMessage({result: 'insecure'}, '*'); 26 </script> 27 </body> 28 </html>`; 29 30 function handleRequest(request, response) { 31 response.setHeader("Cache-Control", "no-cache", false); 32 33 const query = request.queryString; 34 35 // Send redirect header 36 if ((query >= 301 && query <= 303) || query == 307) { 37 // needs to be a cross site redirect to http://example.com otherwise 38 // our upgrade downgrade endless loop break mechanism kicks in 39 const loc = 40 "http://test1.example.com/tests/dom/security/test/https-first/file_redirect.sjs?check"; 41 response.setStatusLine(request.httpVersion, query, "Found"); 42 response.setHeader("Location", loc, false); 43 return; 44 } 45 46 // Check if scheme is http:// or https:// 47 if (query == "check") { 48 const secure = 49 request.scheme == "https" ? RESPONSE_SECURE : RESPONSE_INSECURE; 50 response.setStatusLine(request.httpVersion, 200, "OK"); 51 response.write(secure); 52 return; 53 } 54 55 // This should not happen 56 response.setStatusLine(request.httpVersion, 500, "OK"); 57 response.write(RESPONSE_ERROR); 58 }