file_toplevel_cookies.sjs (6917B)
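// Custom *.sjs file specifically for the needs of Bug 1711453
"use strict";

// small red image
const IMG_BYTES = atob(
  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="
);

const IFRAME_INC = `<iframe id="testframeinc"></iframe>`;

// Every page below reports its URL and document.cookie to window.opener with
// a targetOrigin of '*', i.e. with no restriction on the receiving origin.
// The cookies here are throwaway test values; code that handles real cookies
// should name the expected origin instead of '*'.

// Page that loads the cookie-setting image from this same .sjs and, once the
// image has loaded, posts its location and cookie to the opener.
const SET_COOKIE_IMG = `
<html>
<body>
<img id="cookieImage">
<script class="testbody" type="text/javascript">
  var cookieImage = document.getElementById("cookieImage");
  cookieImage.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  cookieImage.onerror = function() {
    window.opener.postMessage({result: 'error'}, '*');
  }
  // Add the last number of the old query to the new query to set cookie properly
  cookieImage.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?setSameSiteCookie"
   + window.location.href.charAt(window.location.href.length -1);
</script>
</body>
</html>
`;

// Navigation test, blank frame: loads ?loadblankframeNav into an iframe and
// posts location and cookie to the opener once the frame has loaded.
const LOAD_BLANK_FRAME_NAV = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadblankframeNav";
</script>
</body>
</html>
`;

// Navigation test, srcdoc frame: loads ?loadsrcdocframeNav into an iframe and
// posts location and cookie to the opener once the frame has loaded.
const LOAD_FRAME_NAV = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadsrcdocframeNav";
</script>
</body>
</html>

`;

// Inclusion test, blank frame: loads ?loadblankframeInc into an iframe and
// posts location and cookie to the opener once the frame has loaded.
const LOAD_BLANK_FRAME = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadblankframeInc";
</script>
</body>
</html>
`;

// Inclusion test, srcdoc frame: loads ?loadsrcdocframeInc into an iframe and
// posts location and cookie to the opener once the frame has loaded.
const LOAD_FRAME = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadsrcdocframeInc";
</script>
</body>
</html>
`;

// Fallback page for a query no branch of handleRequest recognises; it posts
// an 'error' result to the opener.
const RESPONSE_UNEXPECTED = `
<html>
<body>
send message, error
<script type="application/javascript">
  let myLocation = document.location.href;
  window.opener.postMessage({result: 'error', loc: myLocation}, '*');
</script>
</body>
</html>`;

/**
 * Builds the Set-Cookie header value for one test cookie.
 *
 * The digits "0" to "3" are looked for anywhere in the query, in ascending
 * order; the first one found becomes the cookie value and selects the
 * attributes:
 *   0 -> sameSite=none            1 -> sameSite=strict
 *   2 -> sameSite=none;secure     3 -> sameSite=strict;secure
 *
 * @param {string} name - Cookie name.
 * @param {string} query - Query string of the request.
 * @returns {string} The header value, or `<name>=error` when the query holds
 *   none of the four digits.
 */
function setCookie(name, query) {
  const variants = [
    ["0", "sameSite=none"],
    ["1", "sameSite=strict"],
    ["2", "sameSite=none;secure"],
    ["3", "sameSite=strict;secure"],
  ];
  const match = variants.find(([digit]) => query.includes(digit));
  if (!match) {
    return `${name}=error`;
  }
  const [digit, attributes] = match;
  return `${name}=${digit};Domain=.example.com;${attributes}`;
}

/**
 * Entry point of the .sjs: picks the response from the query string.
 *
 * Branch order matters because most checks are substring matches:
 * "loadNavBlank" has to be tested before "loadNav", and "loadframeIncBlank"
 * before "loadframeInc".
 *
 * @param {object} request - Request object; only `queryString` is read.
 * @param {object} response - Response object; `setHeader` and `write` are
 *   called on it.
 */
function handleRequest(request, response) {
  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);
  const query = request.queryString;

  if (query.includes("setImage")) {
    response.write(SET_COOKIE_IMG);
    return;
  }

  // Substring match: SET_COOKIE_IMG appends the last character of its own
  // URL to this token, and setCookie() reads the variant digit from it.
  if (query.includes("setSameSiteCookie")) {
    response.setHeader("Set-Cookie", setCookie("setImage", query), true);
    response.setHeader("Content-Type", "image/png");
    response.write(IMG_BYTES);
    return;
  }

  // navigation tests
  if (query.includes("loadNavBlank")) {
    response.setHeader("Set-Cookie", setCookie("loadNavBlank", query), true);
    response.write(LOAD_BLANK_FRAME_NAV);
    return;
  }

  if (query === "loadblankframeNav") {
    // NOTE(review): the start tag has no closing '>' and the '//' line is
    // not an HTML comment. Reproduced unchanged; confirm against the test
    // before tidying the markup.
    const frame = `
      <iframe src="about:blank"
        // nothing happens here
      </iframe>`;
    response.write(frame);
    return;
  }

  if (query.includes("loadNav")) {
    response.setHeader("Set-Cookie", setCookie("loadNav", query), true);
    response.write(LOAD_FRAME_NAV);
    return;
  }

  if (query === "loadsrcdocframeNav") {
    // NOTE(review): same unterminated start tag as in the about:blank frame
    // of the "loadblankframeNav" branch.
    const frame = `
      <iframe srcdoc="foo"
        // nothing happens here
      </iframe>`;
    response.write(frame);
    return;
  }

  // inclusion tests
  if (query.includes("loadframeIncBlank")) {
    response.setHeader(
      "Set-Cookie",
      setCookie("loadframeIncBlank", query),
      true
    );
    response.write(LOAD_BLANK_FRAME);
    return;
  }

  if (query === "loadblankframeInc") {
    // NOTE(review): the generated inline script is not well-formed as
    // written. IFRAME_INC carries double quotes into a double-quoted JS
    // string, and `<\script>` in a template literal evaluates to `<script>`
    // rather than a closing tag. Reproduced unchanged because fixing it
    // changes what the frame does; confirm against the test first.
    const frame =
      `  <iframe id="blankframe" src="about:blank"></iframe>
      <script>
        document.getElementById("blankframe").contentDocument.write("` +
      IFRAME_INC +
      `");
      <\script>`;
    response.write(frame);
    return;
  }

  if (query.includes("loadframeInc")) {
    response.setHeader("Set-Cookie", setCookie("loadframeInc", query), true);
    response.write(LOAD_FRAME);
    return;
  }

  if (query === "loadsrcdocframeInc") {
    // NOTE(review): IFRAME_INC's double quotes are not escaped, so the
    // srcdoc attribute value ends at the first inner quote. Reproduced
    // unchanged; confirm against the test before escaping.
    response.write('<iframe srcdoc="' + IFRAME_INC + '"></iframe>');
    return;
  }

  // We should never arrive here, just in case send 'error'
  response.write(RESPONSE_UNEXPECTED);
}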