File: csp-sandbox.py

package info (click to toggle)
firefox 145.0.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,653,528 kB
  • sloc: cpp: 7,594,999; javascript: 6,459,658; ansic: 3,752,909; python: 1,403,455; xml: 629,809; asm: 438,679; java: 186,421; sh: 67,287; makefile: 19,169; objc: 13,086; perl: 12,982; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (29 lines) | stat: -rw-r--r-- 1,016 bytes parent folder | download | duplicates (18) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
def main(request, response):
    coop = request.GET.first(b"coop")
    coep = request.GET.first(b"coep")
    sandbox = request.GET.first(b"sandbox")
    if coop != "":
        response.headers.set(b"Cross-Origin-Opener-Policy", coop)
    if coep != "":
        response.headers.set(b"Cross-Origin-Embedder-Policy", coep)
    response.headers.set(b"Content-Security-Policy", b"sandbox " + sandbox + b";")

    # Open a popup to coop-coep.py with the same parameters (except sandbox)
    response.content = b"""
<!doctype html>
<meta charset=utf-8>
<script src="/common/get-host-info.sub.js"></script>
<script src="/html/cross-origin-opener-policy/resources/fully-loaded.js"></script>
<script>
  const params = new URL(location).searchParams;
  params.delete("sandbox");
  const navigate = params.get("navigate");
  if (navigate) {
    fullyLoaded().then(() => {
      self.location = navigate;
    });
  } else {
    window.open(`/html/cross-origin-opener-policy/resources/coop-coep.py?${params}`);
  }
</script>
"""