File: sri-test-helpers.sub.js

package info (click to toggle)
firefox-esr 78.15.0esr-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 3,301,156 kB
  • sloc: cpp: 5,665,905; javascript: 4,798,386; ansic: 2,878,233; python: 977,004; asm: 270,347; xml: 181,456; java: 111,756; sh: 72,926; makefile: 21,819; perl: 13,380; cs: 4,725; yacc: 4,565; objc: 3,026; pascal: 1,787; lex: 1,720; ada: 1,681; exp: 505; php: 436; lisp: 260; awk: 152; ruby: 103; csh: 80; sed: 53; sql: 45
file content (43 lines) | stat: -rw-r--r-- 2,133 bytes parent folder | download | duplicates (26) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
// This horrible hack is needed for the 'use-credentials' tests because, on
// response, if port 80 or 443 is the current port, it will not appear to
// the browser as part of the origin string. Since the origin *string* is
// used for CORS access control, instead of the origin itself, if there
// isn't an exact string match, the check will fail. For example,
// "http://example.com" would not match "http://example.com:80", because
// they are not exact string matches, even though the origins are the same.
//
// Thus, we only want the Access-Control-Allow-Origin header to have
// the port if it's not port 80 or 443, since the user agent will elide the
// ports in those cases.
const main_domain = '{{domains[]}}';
const www_domain = '{{domains[www]}}';
const default_port = (location.protocol === 'https:') ? '{{ports[https][0]}}' :
                                                        '{{ports[http][0]}}';

const port_string = (default_port !== '80' && default_port !== '443') ?
                      `:${default_port}` : '';
const www_host_and_port = www_domain + port_string;

// General resource prefixes.
const same_origin_prefix = '/subresource-integrity/';
const xorigin_prefix = `${location.protocol}//${www_host_and_port}/subresource-integrity/`;

// General resource suffixes, for piping CORS headers.
const anonymous = '&pipe=header(Access-Control-Allow-Origin,*)';
const use_credentials = "&pipe=header(Access-Control-Allow-Credentials,true)|" +
                        "header(Access-Control-Allow-Origin," + location.origin + ")";

// Note that all of these style URLs have query parameters started, so any
// additional parameters should be appended starting with '&'.
const xorigin_anon_style = location.protocol
  + '//' + www_host_and_port
  + '/subresource-integrity/crossorigin-anon-style.css?';

const xorigin_creds_style = location.protocol
  + '//' + www_host_and_port
  + '/subresource-integrity/crossorigin-creds-style.css?acao_port='
  + port_string;

const xorigin_ineligible_style = location.protocol
  + '//' + www_host_and_port
  + '/subresource-integrity/crossorigin-ineligible-style.css?';