2010-07-21 08:51:09 -07:00
|
|
|
// SJS file for X-Frame-Options mochitests
|
|
|
|
function handleRequest(request, response)
|
|
|
|
{
|
|
|
|
var query = {};
|
|
|
|
request.queryString.split('&').forEach(function (val) {
|
|
|
|
var [name, value] = val.split('=');
|
|
|
|
query[name] = unescape(value);
|
|
|
|
});
|
|
|
|
|
|
|
|
response.setHeader("Cache-Control", "no-cache", false);
|
|
|
|
response.setHeader("Content-Type", "text/html", false);
|
|
|
|
|
|
|
|
// X-Frame-Options header value
|
|
|
|
if (query['xfo'] == "deny") {
|
|
|
|
response.setHeader("X-Frame-Options", "DENY", false);
|
|
|
|
}
|
|
|
|
else if (query['xfo'] == "sameorigin") {
|
|
|
|
response.setHeader("X-Frame-Options", "SAMEORIGIN", false);
|
|
|
|
}
|
2012-06-11 09:17:35 -07:00
|
|
|
else if (query['xfo'] == "sameorigin2") {
|
|
|
|
response.setHeader("X-Frame-Options", "SAMEORIGIN, SAMEORIGIN", false);
|
|
|
|
}
|
|
|
|
else if (query['xfo'] == "sameorigin3") {
|
|
|
|
response.setHeader("X-Frame-Options", "SAMEORIGIN,SAMEORIGIN , SAMEORIGIN", false);
|
|
|
|
}
|
|
|
|
else if (query['xfo'] == "mixedpolicy") {
|
|
|
|
response.setHeader("X-Frame-Options", "DENY,SAMEORIGIN", false);
|
|
|
|
}
|
2012-08-27 12:46:24 -07:00
|
|
|
else if (query['xfo'] == "afa") {
|
|
|
|
response.setHeader("X-Frame-Options", "ALLOW-FROM http://mochi.test:8888/", false);
|
|
|
|
}
|
|
|
|
else if (query['xfo'] == "afd") {
|
|
|
|
response.setHeader("X-Frame-Options", "ALLOW-FROM http://example.com/", false);
|
|
|
|
}
|
2010-07-21 08:51:09 -07:00
|
|
|
|
|
|
|
// from the test harness we'll be checking for the presence of this element
|
|
|
|
// to test if the page loaded
|
|
|
|
response.write("<h1 id=\"test\">" + query["testid"] + "</h1>");
|
|
|
|
}
|