/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs

http://github.com/zpao/v8monkey · Unknown · 80 lines · 76 code · 4 blank · 0 comment · 0 complexity · a62152b432f57690bc235540e5576df3 MD5 · raw file

  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is Strict-Transport-Security.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Mozilla Foundation.
  18. * Portions created by the Initial Developer are Copyright (C) 2010
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Sid Stamm <sid@mozilla.com>
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. // SJS file that serves un-cacheable responses for STS tests that postMessage
  38. // to the parent saying whether or not they were loaded securely.
  39. function handleRequest(request, response)
  40. {
  41. var query = {};
  42. request.queryString.split('&').forEach(function (val) {
  43. var [name, value] = val.split('=');
  44. query[name] = unescape(value);
  45. });
  46. response.setHeader("Cache-Control", "no-cache", false);
  47. response.setHeader("Content-Type", "text/html", false);
  48. if ('id' in query) {
  49. var outstr = [
  50. " <!DOCTYPE html>",
  51. " <html> <head> <title>subframe for STS</title>",
  52. " <script type='text/javascript'>",
  53. " var self = window;",
  54. " window.addEventListener('load', function() {",
  55. " if (document.location.protocol === 'https:') {",
  56. " self.parent.postMessage('SECURE " + query['id'] + "',",
  57. " 'http://mochi.test:8888');",
  58. " } else {",
  59. " self.parent.postMessage('INSECURE " + query['id'] + "',",
  60. " 'http://mochi.test:8888');",
  61. " }",
  62. " }, false);",
  63. " </script>",
  64. " </head>",
  65. " <body>",
  66. " STS state verification frame loaded via",
  67. " <script>",
  68. " document.write(document.location.protocol);",
  69. " </script>",
  70. " </body>",
  71. " </html>"].join("\n");
  72. response.write(outstr);
  73. } else {
  74. response.write("ERROR: no id provided");
  75. }
  76. }