file_upgrade_insecure_server.sjs (3475B)
1 // SJS file for https-first Mode mochitests 2 // Bug 1704454 - HTTPS First Mode 3 4 const TOTAL_EXPECTED_REQUESTS = 12; 5 6 const IFRAME_CONTENT = 7 "<!DOCTYPE HTML>" + 8 "<html>" + 9 "<head><meta charset='utf-8'>" + 10 "<title>Bug 1704454 - Test HTTPS First Mode</title>" + 11 "</head>" + 12 "<body>" + 13 "<img src='http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?nested-img'></img>" + 14 "</body>" + 15 "</html>"; 16 17 const expectedQueries = [ 18 "script", 19 "style", 20 "img", 21 "iframe", 22 "form", 23 "xhr", 24 "media", 25 "object", 26 "font", 27 "img-redir", 28 "nested-img", 29 "top-level", 30 ]; 31 32 function handleRequest(request, response) { 33 // avoid confusing cache behaviors 34 response.setHeader("Cache-Control", "no-cache", false); 35 var queryString = request.queryString; 36 37 // initialize server variables and save the object state 38 // of the initial request, which returns async once the 39 // server has processed all requests. 40 if (queryString == "queryresult") { 41 setState("totaltests", TOTAL_EXPECTED_REQUESTS.toString()); 42 setState("receivedQueries", ""); 43 response.processAsync(); 44 setObjectState("queryResult", response); 45 return; 46 } 47 48 // handle img redirect (https->http) 49 if (queryString == "redirect-image") { 50 var newLocation = 51 "http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?img-redir"; 52 response.setStatusLine("1.1", 302, "Found"); 53 response.setHeader("Location", newLocation, false); 54 return; 55 } 56 57 // just in case error handling for unexpected queries 58 if (!expectedQueries.includes(queryString)) { 59 response.write("unexpected-response"); 60 return; 61 } 62 63 // make sure all the requested queries aren't upgraded to https 64 // except of toplevel requests 65 if (queryString === "top-level") { 66 queryString += request.scheme === "https" ? "-ok" : "-error"; 67 } else { 68 queryString += request.scheme === "http" ? "-ok" : "-error"; 69 } 70 var receivedQueries = getState("receivedQueries"); 71 72 // images, scripts, etc. get queried twice, do not 73 // confuse the server by storing the preload as 74 // well as the actual load. If either the preload 75 // or the actual load is not https, then we would 76 // append "-error" in the array and the test would 77 // fail at the end. 78 79 // append the result to the total query string array 80 if (receivedQueries != "") { 81 receivedQueries += ","; 82 } 83 receivedQueries += queryString; 84 setState("receivedQueries", receivedQueries); 85 86 // keep track of how many more requests the server 87 // is expecting 88 var totaltests = parseInt(getState("totaltests")); 89 totaltests -= 1; 90 setState("totaltests", totaltests.toString()); 91 92 // return content (img) for the nested iframe to test 93 // that subresource requests within nested contexts 94 // get upgraded as well. We also have to return 95 // the iframe context in case of an error so we 96 // can test both, using upgrade-insecure as well 97 // as the base case of not using upgrade-insecure. 98 if (queryString == "iframe-ok" || queryString == "iframe-error") { 99 response.write(IFRAME_CONTENT); 100 } 101 102 // if we have received all the requests, we return 103 // the result back. 104 if (totaltests == 0) { 105 getObjectState("queryResult", function (queryResponse) { 106 if (!queryResponse) { 107 return; 108 } 109 var receivedQueries = getState("receivedQueries"); 110 queryResponse.write(receivedQueries); 111 queryResponse.finish(); 112 }); 113 } 114 }