File: csp-sandbox.py

package info (click to toggle)
thunderbird 1%3A140.4.0esr-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 4,609,432 kB
  • sloc: cpp: 7,672,442; javascript: 5,901,613; ansic: 3,898,954; python: 1,413,343; xml: 653,997; asm: 462,286; java: 180,927; sh: 113,489; makefile: 20,460; perl: 14,288; objc: 13,059; yacc: 4,583; pascal: 3,352; lex: 1,720; ruby: 1,222; exp: 762; sql: 715; awk: 580; php: 436; lisp: 430; sed: 70; csh: 10
file content (29 lines) | stat: -rw-r--r-- 1,016 bytes parent folder | download | duplicates (18) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
def main(request, response):
    coop = request.GET.first(b"coop")
    coep = request.GET.first(b"coep")
    sandbox = request.GET.first(b"sandbox")
    if coop != "":
        response.headers.set(b"Cross-Origin-Opener-Policy", coop)
    if coep != "":
        response.headers.set(b"Cross-Origin-Embedder-Policy", coep)
    response.headers.set(b"Content-Security-Policy", b"sandbox " + sandbox + b";")

    # Open a popup to coop-coep.py with the same parameters (except sandbox)
    response.content = b"""
<!doctype html>
<meta charset=utf-8>
<script src="/common/get-host-info.sub.js"></script>
<script src="/html/cross-origin-opener-policy/resources/fully-loaded.js"></script>
<script>
  const params = new URL(location).searchParams;
  params.delete("sandbox");
  const navigate = params.get("navigate");
  if (navigate) {
    fullyLoaded().then(() => {
      self.location = navigate;
    });
  } else {
    window.open(`/html/cross-origin-opener-policy/resources/coop-coep.py?${params}`);
  }
</script>
"""