File: file_upgrade_insecure_loopback_server.sjs

package info (click to toggle)

firefox-esr 128.14.0esr-1~deb12u1

links: PTS, VCS
area: main
in suites: bookworm
size: 4,230,248 kB
sloc: cpp: 7,104,262; javascript: 6,088,450; ansic: 3,654,017; python: 1,212,326; xml: 594,604; asm: 420,654; java: 182,969; sh: 71,124; makefile: 20,739; perl: 13,449; objc: 12,399; yacc: 4,583; cs: 3,846; pascal: 2,973; lex: 1,720; ruby: 1,194; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10

file content (22 lines) | stat: -rw-r--r-- 806 bytes

parent folder | download | duplicates (18)

// Custom *.sjs file specifically for the needs of Bug:
// Bug 1447784 - Implement CSP upgrade-insecure-requests directive

function handleRequest(request, response) {
  response.setHeader("Access-Control-Allow-Headers", "content-type", false);
  response.setHeader("Access-Control-Allow-Methods", "GET", false);
  response.setHeader("Access-Control-Allow-Origin", "*", false);

  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  // perform sanity check and make sure that all requests get upgraded to use https
  if (request.scheme !== "https") {
    response.write("request-not-https");
    return;
  } else {
    response.write("request-is-https");
  }

  // we should not get here, but just in case return something unexpected
  response.write("d'oh");
}