csp-sandbox.py (1016B)
1 def main(request, response): 2 coop = request.GET.first(b"coop") 3 coep = request.GET.first(b"coep") 4 sandbox = request.GET.first(b"sandbox") 5 if coop != "": 6 response.headers.set(b"Cross-Origin-Opener-Policy", coop) 7 if coep != "": 8 response.headers.set(b"Cross-Origin-Embedder-Policy", coep) 9 response.headers.set(b"Content-Security-Policy", b"sandbox " + sandbox + b";") 10 11 # Open a popup to coop-coep.py with the same parameters (except sandbox) 12 response.content = b""" 13 <!doctype html> 14 <meta charset=utf-8> 15 <script src="/common/get-host-info.sub.js"></script> 16 <script src="/html/cross-origin-opener-policy/resources/fully-loaded.js"></script> 17 <script> 18 const params = new URL(location).searchParams; 19 params.delete("sandbox"); 20 const navigate = params.get("navigate"); 21 if (navigate) { 22 fullyLoaded().then(() => { 23 self.location = navigate; 24 }); 25 } else { 26 window.open(`/html/cross-origin-opener-policy/resources/coop-coep.py?${params}`); 27 } 28 </script> 29 """