file_referrer_policy.sjs (3154B)
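// Server-side test helper (.sjs). Judging by the redirect URLs below it
// belongs to the https-first referrer-policy tests: it serves a page that
// declares a referrer policy, navigates to this same script over http or
// https, and finally reports document.referrer back to the opener window.

// Error page: tells the opening test window that the request was not understood.
// NOTE(review): the '*' target origin is tolerable only because this is a test
// fixture and the opener decides what to do with the message. Receivers should
// still check event.origin, and production code should name the target origin.
const RESPONSE_ERROR = `
<html>
<body>
Error occurred...
<script type="application/javascript">
  window.opener.postMessage({result: 'ERROR'}, '*');
</script>
</body>
</html>`;

// Result page: posts the observed referrer and the final location to the opener.
// NOTE(review): same wildcard target origin as above; the payload carries
// document.referrer and the full URL, so keep this pattern confined to tests.
const RESPONSE_POLICY = `
<html>
<body>
Send policy onload...
<script type="application/javascript">
  const loc = document.location.href;
  window.opener.postMessage({result: document.referrer, location: loc}, "*");
</script>
</body>
</html>`;

// Allow-list of referrer policies accepted in the "rp" query parameter.
// handleRequest interpolates "rp" into HTML only after it has matched an entry.
const expectedQueries = [
  "no-referrer",
  "no-referrer-when-downgrade",
  "origin",
  "origin-when-cross-origin",
  "same-origin",
  "strict-origin",
  "strict-origin-when-cross-origin",
  "unsafe-url",
];

/**
 * Decode the "upgrade" query value, written as "<request>-<response>"
 * (for example "http-https").
 *
 * @param {string} testCase - raw value of the "upgrade" parameter; must be a
 *   string, the caller rejects a missing parameter before calling.
 * @returns {number[]} [upgradeRequest, httpsResponse]; each entry is 1 when
 *   the matching half equals "https" and 0 for anything else.
 */
function readQuery(testCase) {
  const [requestScheme, responseScheme] = testCase.split("-");
  const upgradeRequest = requestScheme === "https" ? 1 : 0;
  const httpsResponse = responseScheme === "https" ? 1 : 0;
  return [upgradeRequest, httpsResponse];
}

/**
 * Entry point called by the test HTTP server for every request to this file.
 *
 * Query parameters read here:
 *   sendMe / sendMe2 - answer with the page that reports document.referrer;
 *   rp               - referrer policy to declare, must be in expectedQueries;
 *   upgrade          - "<request>-<response>" scheme pair, see readQuery.
 * Anything else (unknown policy, missing "upgrade") gets the 500 error page.
 *
 * @param {object} request - server request (queryString, scheme, httpVersion are read).
 * @param {object} response - server response the reply is written to.
 */
function handleRequest(request, response) {
  response.setHeader("Cache-Control", "no-cache", false);

  const query = new URLSearchParams(request.queryString);

  // Downgrade to test http/https -> HTTP referrer policy.
  if (query.has("sendMe2") && request.scheme === "https") {
    // Simulate a timeout: the response is switched to async processing and
    // nothing is ever written, so the https attempt gets no answer.
    response.processAsync();
    return;
  }
  if (query.has("sendMe") || query.has("sendMe2")) {
    response.write(RESPONSE_POLICY);
    return;
  }

  // Referrer policy requested by the test, and the scheme pair to exercise.
  const referrerPolicy = query.get("rp");
  const upgrade = query.get("upgrade");

  // Only an allow-listed policy together with an "upgrade" value is served.
  // A missing "upgrade" used to throw inside readQuery (split on null), so the
  // opener never received the ERROR message; it now takes the error path below.
  if (expectedQueries.includes(referrerPolicy) && upgrade !== null) {
    // Determine the test case, e.g. don't upgrade request but send response in https.
    const [httpsRequest, httpsResponse] = readQuery(upgrade);

    // Downgrade to http if the request half of "upgrade" is not https.
    if (httpsRequest === 0 && request.scheme === "https") {
      // Simulate a timeout for the https request, as above.
      response.processAsync();
      return;
    }

    // The page redirects via script to this file, over https or http.
    const target =
      httpsResponse === 1
        ? "https://example.com/tests/dom/security/test/https-first/file_referrer_policy.sjs?sendMe"
        : "http://example.com/tests/dom/security/test/https-first/file_referrer_policy.sjs?sendMe2";

    // referrerPolicy is written into an unquoted attribute; this is safe only
    // because it matched the allow-list above. Keep that check ahead of this
    // template if the handler is ever reorganised.
    const redirectPage = `
<html>
<head>
  <meta name="referrer" content=${referrerPolicy}>
</head>
<body>
JS REDIRECT
<script>
  let url = '${target}';
  window.location = url;
</script>
</body>
</html>`;
    response.write(redirectPage);
    return;
  }

  // Unknown policy or missing "upgrade": report the error to the opener.
  // The reason phrase now matches the 500 status (it used to read "OK").
  response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
  response.write(RESPONSE_ERROR);
}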