File: csp_iframe.sjs

package info (click to toggle)
firefox-esr 128.13.0esr-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 4,230,012 kB
  • sloc: cpp: 7,103,971; javascript: 6,088,450; ansic: 3,653,980; python: 1,212,330; xml: 594,604; asm: 420,652; java: 182,969; sh: 71,124; makefile: 20,747; perl: 13,449; objc: 12,399; yacc: 4,583; cs: 3,846; pascal: 2,973; lex: 1,720; ruby: 1,194; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (33 lines) | stat: -rw-r--r-- 1,091 bytes parent folder | download | duplicates (12) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

function handleRequest(request, response) {
  // let's enjoy the amazing CSP setting
  response.setHeader(
    "Content-Security-Policy",
    "frame-ancestors 'self'",
    false
  );

  // let's avoid caching issues
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Cache-Control", "no-cache", false);

  // everything is fine - no needs to worry :)
  response.setStatusLine(request.httpVersion, 200);
  response.setHeader("Content-Type", "text/html", false);
  let txt = "<html><body><h1>CSP Page opened in new window!</h1></body></html>";
  response.write(txt);

  let cookie = request.hasHeader("Cookie")
    ? request.getHeader("Cookie")
    : "<html><body>" +
      "<h2 id='strictCookie'>No same site strict cookie header</h2>" +
      "</body></html>";
  response.write(cookie);

  if (!request.hasHeader("Cookie")) {
    let strictCookie = `matchaCookie=green; Domain=.example.org; SameSite=Strict`;
    response.setHeader("Set-Cookie", strictCookie);
  }
}