Source code

Revision control

Copy as Markdown

Other Tools

// Custom *.sjs file specifically for the needs of Bug:
// Bug 1139297 - Implement CSP upgrade-insecure-requests directive
function handleRequest(request, response) {
// avoid confusing cache behaviors
response.setHeader("Cache-Control", "no-cache", false);
// perform sanity check and make sure that all requests get upgraded to use https
if (request.scheme !== "https") {
response.write("request not https");
return;
}
var queryString = request.queryString;
// TEST 1
if (queryString === "test1") {
var newLocation =
response.setStatusLine("1.1", 302, "Found");
response.setHeader("Location", newLocation, false);
return;
}
if (queryString === "redir-test1") {
response.write("test1-no-cors-ok");
return;
}
// TEST 2
if (queryString === "test2") {
var newLocation =
response.setStatusLine("1.1", 302, "Found");
response.setHeader("Location", newLocation, false);
return;
}
if (queryString === "redir-test2") {
response.write("test2-no-cors-diffport-ok");
return;
}
// TEST 3
response.setHeader("Access-Control-Allow-Headers", "content-type", false);
response.setHeader("Access-Control-Allow-Methods", "POST, GET", false);
response.setHeader("Access-Control-Allow-Origin", "*", false);
if (queryString === "test3") {
var newLocation =
response.setStatusLine("1.1", 302, "Found");
response.setHeader("Location", newLocation, false);
return;
}
if (queryString === "redir-test3") {
response.write("test3-cors-ok");
return;
}
// we should not get here, but just in case return something unexpected
response.write("d'oh");
}