def main(request, response):
id = request.GET[b'id']
encoding = request.GET[b'encoding']
mode = request.GET[b'mode']
iframe = u""
if mode == b'NETWORK':
iframe = u"<iframe src='stash.py?q=%%C3%%A5&id=%s&action=put'></iframe>" % isomorphic_decode(
id)
doc = u"""<!doctype html>
<html manifest="manifest.py?id=%s&encoding=%s&mode=%s">
%s
""" % (isomorphic_decode(id), isomorphic_decode(encoding),
isomorphic_decode(mode), iframe)
return [(b"Content-Type", b"text/html; charset=%s" % encoding)
], doc.encode(isomorphic_decode(encoding))
def main(request, response):
# This server is configured so that is accept to receive any requests and
# any cookies the web browser is willing to send.
response.headers.set(b"Access-Control-Allow-Credentials", b"true")
response.headers.set(b'Access-Control-Allow-Methods', b'OPTIONS, GET, POST')
response.headers.set(b'Access-Control-Allow-Headers', b'Content-Type')
response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"origin") or '*')
if b"cacheable" in request.GET:
response.headers.set(b"Cache-Control", b"max-age=31536000")
else:
response.headers.set(b'Cache-Control', b'no-cache, no-store, must-revalidate')
# CORS preflight
if request.method == u'OPTIONS':
return b''
uuid = request.GET[b'uuid']
stash = request.server.stash;
# The stash is accessed concurrently by many clients. A lock is used to
# avoid unterleaved read/write from different clients.
with stash.lock:
queue = stash.take(uuid, '/common/dispatcher') or [];
# Push into the |uuid| queue, the requested headers.
if b"show-headers" in request.GET:
headers = {};
for key, value in request.headers.items():
headers[isomorphic_decode(key)] = isomorphic_decode(request.headers[key])
headers = json.dumps(headers);
queue.append(headers);
ret = b'';
# Push into the |uuid| queue, the posted data.
elif request.method == u'POST':
queue.append(request.body)
ret = b'done'
# Pull from the |uuid| queue, the posted data.
else:
if len(queue) == 0:
ret = b'not ready'
else:
ret = queue.pop(0)
stash.put(uuid, queue, '/common/dispatcher')
return ret;
def main(request, response):
headers = [(b'Content-Type', b'application/javascript'),
(b'Cache-Control', b'max-age=86400'),
(b'Last-Modified', isomorphic_encode(time.strftime(u"%a, %d %b %Y %H:%M:%S GMT", time.gmtime())))]
test = request.GET[b'test']
body = u'''
const mainTime = {time:8f};
const testName = {test};
importScripts('update-max-aged-worker-imported-script.py?test={test}');
addEventListener('message', event => {{
event.source.postMessage({{
mainTime,
importTime,
test: {test}
}});
}});
'''.format(
time=time.time(),
test=json.dumps(isomorphic_decode(test))
)
return headers, body
def main(request, response):
if b"increment" in request.GET:
uuid = request.GET[b"increment"]
# First, increment the stash value keyed by `uuid`, and write it back to the
# stash. Writing it back to the stash is necessary since `take()` actually
# removes the value whereas we want to increment it.
stash_value = request.server.stash.take(uuid)
if stash_value is None:
stash_value = 0
request.server.stash.put(uuid, stash_value + 1)
# Return a basic image.
response_headers = [(b"Content-Type", b"image/png")]
image_path = os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u"image.png")
return (200, response_headers, open(image_path, mode='rb').read())
elif b"read" in request.GET:
uuid = request.GET[b"read"]
stash_value = request.server.stash.take(uuid)
if stash_value is None:
stash_value = 0
# Write the stash value keyed by `uuid` back to the stash. This is necessary
# because `take()` actually removes it, but we want a read-only read.
request.server.stash.put(uuid, stash_value)
return (200, [], str(stash_value))
return (404, [], "Not found")
def main(request, response):
"""
Simple handler that sets a response header based on which client hint
request headers were received.
"""
response.headers.append(b"Access-Control-Allow-Origin", b"*")
values = request.GET
name = values.first(b'name')
type = values.first(b'mimeType')
dpr = values.first(b'dpr')
double = None
if b'double' in values:
double = values.first(b'double')
image_path = request.doc_root + u"/".join(
request.url_parts[2].split(u"/")[:-1]) + u"/" + isomorphic_decode(name)
f = open(image_path, "rb")
buff = f.read()
f.close()
response.headers.set(b"Content-Type", type)
response.headers.set(b"Content-DPR", dpr)
if double:
response.headers.append(b"Content-DPR", double)
response.headers.set(b"Content-Length", len(buff))
response.content = buff
def main(request, response):
if b"debug" in request.GET:
"""If '?debug=' is set, return the document for a single test."""
response.writer.write_status(200)
response.writer.end_headers()
html_frame = dump_file(
path.join(request.doc_root, DEFAULT_RESOURCE_DIR),
DEBUGGING_HTML_SCAFFOLD)
test_file = html_frame % (request.GET[b'debug'])
response.writer.write_content(test_file)
return
if b"file" in request.GET:
"""If '?file=' is set, send a cookie and a document which contains the
expectation of which cookies should be set by the browser in response."""
cookie_response = CookieTestResponse(
isomorphic_decode(request.GET[b'file']), request.doc_root)
response.writer.write_status(200)
response.writer.write(cookie_response.cookie_setting_header())
response.writer.end_headers()
response.writer.write_content(cookie_response.body_with_expectation())
return
"""Without any arguments, return documentation and run all available tests."""
response.writer.write_status(200)
response.writer.end_headers()
response.writer.write_content(generate_for_all_tests(request.doc_root))
def main(request, response):
if b'Status' in request.GET:
status = int(request.GET[b"Status"])
else:
status = 302
headers = []
url = isomorphic_decode(request.GET[b'Redirect'])
headers.append((b"Location", url))
if b"ACAOrigin" in request.GET:
for item in request.GET[b"ACAOrigin"].split(b","):
headers.append((b"Access-Control-Allow-Origin", item))
for suffix in [b"Headers", b"Methods", b"Credentials"]:
query = b"ACA%s" % suffix
header = b"Access-Control-Allow-%s" % suffix
if query in request.GET:
headers.append((header, request.GET[query]))
if b"ACEHeaders" in request.GET:
headers.append(
(b"Access-Control-Expose-Headers", request.GET[b"ACEHeaders"]))
return status, headers, b""
def main(request, response):
"""Set a cookie via GET params.
Usage: `/cookie.py?set={cookie}`
The passed-in cookie string should be stringified via JSON.stringify() (in
the case of multiple cookie headers sent in an array) and encoded via
encodeURIComponent, otherwise `parse_qsl` will split on any semicolons
(used by the Request.GET property getter). Note that values returned by
Request.GET will decode any percent-encoded sequences sent in a GET param
(which may or may not be surprising depending on what you're doing).
Note: here we don't use Response.delete_cookie() or similar other methods
in this resources directory because there are edge cases that are impossible
to express via those APIs, namely a bare (`Path`) or empty Path (`Path=`)
attribute. Instead, we pipe through the entire cookie and append `max-age=0`
to it.
"""
headers = setNoCacheAndCORSHeaders(request, response)
if b'set' in request.GET:
cookie = isomorphic_decode(request.GET[b'set'])
cookie = json.loads(cookie)
cookies = cookie if isinstance(cookie, list) else [cookie]
for c in cookies:
set_cookie(headers, c)
if b'location' in request.GET:
headers.append((b'Location', request.GET[b'location']))
return 302, headers, b'{"redirect": true}'
return headers, b'{"success": true}'
def main(request, response):
import datetime, os
srcpath = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"well-formed.xml")
srcmoddt = datetime.datetime.utcfromtimestamp(os.path.getmtime(srcpath))
response.headers.set(b"Last-Modified", isomorphic_encode(srcmoddt.strftime(u"%a, %d %b %Y %H:%M:%S GMT")))
response.headers.set(b"Content-Type", b"application/xml")
return open(srcpath, u"r").read()
def main(request, response):
message = {}
header = request.headers.get(b"Test-Header-Injection")
message[u'test_header_injection'] = isomorphic_decode(
header) if header else None
header = request.headers.get(b"Sec-Required-CSP")
message[u'required_csp'] = isomorphic_decode(header) if header else None
second_level_iframe_code = u""
if b"include_second_level_iframe" in request.GET:
if b"second_level_iframe_csp" in request.GET and request.GET[
b"second_level_iframe_csp"] != b"":
second_level_iframe_code = u'''<script>
var i2 = document.createElement('iframe');
i2.src = 'echo-required-csp.py';
i2.csp = "{0}";
document.body.appendChild(i2);
</script>'''.format(
isomorphic_decode(request.GET[b"second_level_iframe_csp"]))
else:
second_level_iframe_code = u'''<script>
var i2 = document.createElement('iframe');
i2.src = 'echo-required-csp.py';
document.body.appendChild(i2);
</script>'''
return [(b"Content-Type", b"text/html"), (b"Allow-CSP-From", b"*")], u'''
<!DOCTYPE html>
<html>
<head>
<!--{2}-->
<script>
window.addEventListener('message', function(e) {{
window.parent.postMessage(e.data, '*');
}});
window.parent.postMessage({0}, '*');
</script>
</head>
<body>
{1}
</body>
</html>
'''.format(json.dumps(message), second_level_iframe_code, str(request.headers))
def parse_qs_str(query_str):
if PY3:
args = parse_qs(isomorphic_decode(query_str), keep_blank_values=True, encoding=u'iso-8859-1')
binary_args = {}
for key, val in args.items():
binary_args[isomorphic_encode(key)] = [isomorphic_encode(x) for x in val]
return binary_args
else:
return parse_qs(query_str, keep_blank_values=True)
def main(request, response):
path = os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u"test-request-mode-worker.js")
body = open(path, u"rb").read()
data = {
isomorphic_decode(key): isomorphic_decode(request.headers[key])
for key, value in request.headers.items()
}
body = body.replace(b"%HEADERS%", json.dumps(data).encode("utf-8"))
body = body.replace(b"%UUID%", str(uuid.uuid4()).encode("utf-8"))
headers = []
headers.append((b"ETag", b"etag"))
headers.append((b"Content-Type", b'text/javascript'))
return headers, body
def main(request, response):
referrer = request.headers.get(b"referer", b"")
expected_referrer = request.GET.first(b"expected_referrer", b"")
response_headers = [(b"Content-Type", b"image/png")]
if referrer == expected_referrer:
image_path = os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u"image.png")
return (200, response_headers, open(image_path, mode='rb').read())
return (404, response_headers, u"Not found")
def main(request, response):
header = [(b'Content-Type', b'text/html')]
if b'test' in request.GET:
with open(
os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u'blank.html'), u'r') as f:
body = f.read()
return (header, body)
if b'sandbox' in request.GET:
header.append((b'Content-Security-Policy',
b'sandbox %s' % request.GET[b'sandbox']))
with open(
os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u'sandboxed-iframe-fetch-event-iframe.html'),
u'r') as f:
body = f.read()
return (header, body)
def main(request, response):
response.headers.set(b"Cache-Control", b"no-store")
# This should be a simple request; deny preflight
if request.method != u"POST":
response.status = 400
return
response.headers.set(b"Access-Control-Allow-Credentials", b"true")
response.headers.set(b"Access-Control-Allow-Origin",
request.headers.get(b"origin"))
for header in [
b"Accept", b"Accept-Language", b"Content-Language", b"Content-Type"
]:
value = request.headers.get(header)
response.content += isomorphic_decode(header) + u": " + (
isomorphic_decode(value) if value else u"<None>") + u'\n'
def main(request, response):
# The response served is cacheable by the navigator:
response.headers.set(b"Cache-Control", b"max-age=31536000");
uuid = request.GET[b'uuid'];
headers = {};
for key, value in request.headers.items():
headers[isomorphic_decode(key)] = isomorphic_decode(request.headers[key])
headers = json.dumps(headers);
# The stash is accessed concurrently by many clients. A lock is used to
# avoid unterleaved read/write from different clients.
stash = request.server.stash;
with stash.lock:
queue = stash.take(uuid, '/coep-credentialless') or [];
queue.append(headers);
stash.put(uuid, queue, '/coep-credentialless');
return b"done";
def get_template(template_basename):
script_directory = os.path.dirname(
os.path.abspath(isomorphic_decode(__file__)))
template_directory = os.path.abspath(
os.path.join(script_directory, u"template"))
template_filename = os.path.join(template_directory, template_basename)
with open(template_filename, "r") as f:
return f.read()
def main(request, response):
CertChainMimeType = b"application/cert-chain+cbor"
if request.headers.get(b"Accept") != CertChainMimeType:
return 400, [], u"Bad Request"
path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor")
body = open(path, u"rb").read()
return 200, [(b"Content-Type", CertChainMimeType)], body
def main(request, response):
index = isomorphic_encode(request.request_path).index(b"?")
args = isomorphic_encode(request.request_path[index + 1:]).split(b"&")
headers = []
statusSent = False
headersSent = False
for arg in args:
if arg.startswith(b"ignored"):
continue
elif arg.endswith(b"ms"):
sleep.sleep_at_least(float(arg[0:-2]))
elif arg.startswith(b"redirect:"):
return (302, u"WEBPERF MARKETING"), [
(b"Location", unquote(isomorphic_decode(arg[9:])))
], u"TEST"
elif arg.startswith(b"mime:"):
headers.append(
(b"Content-Type", unquote(isomorphic_decode(arg[5:]))))
elif arg.startswith(b"send:"):
text = unquote(isomorphic_decode(arg[5:]))
if not statusSent:
# Default to a 200 status code.
response.writer.write_status(200)
statusSent = True
if not headersSent:
for key, value in headers:
response.writer.write_header(key, value)
response.writer.end_headers()
headersSent = True
response.writer.write_content(text)
elif arg.startswith(b"status:"):
code = int(unquote(isomorphic_decode(arg[7:])))
response.writer.write_status(code)
if code // 100 == 1:
# Terminate informational 1XX responses with an empty line.
response.writer.end_headers()
else:
statusSent = True
elif arg == b"flush":
response.writer.flush()
def main(request, response):
purpose = request.headers.get(b"purpose")
if (purpose == b'prefetch' and b"code" in request.GET):
code = int(request.GET.first(b"code"))
else:
code = 200
with open(os.path.join(os.path.dirname(isomorphic_decode(__file__)), "exec.html"), u"r") as fn:
response.content = fn.read()
response.status = code
def main(request, response):
testinput = request.POST.first(b"testinput")
if PY3:
# The test asserts the string representation of this FieldStorage
# object, but unfortunately the value property has different types in
# Python 2 and 3. Unify them to native strings.
testinput.value = isomorphic_decode(testinput.value)
return ([(b"Content-Type", b"text/html")
], u"<script>parent.postMessage(\"" + str(testinput) +
u"\", '*');</script>")
def respond(request,
response,
status_code=200,
content_type=b"text/html",
payload_generator=__noop,
cache_control=b"no-cache; must-revalidate",
access_control_allow_origin=b"*",
maybe_additional_headers=None):
if preprocess_redirection(request, response):
return
if preprocess_stash_action(request, response):
return
response.add_required_headers = False
response.writer.write_status(status_code)
if access_control_allow_origin != None:
response.writer.write_header(b"access-control-allow-origin",
access_control_allow_origin)
response.writer.write_header(b"content-type", content_type)
response.writer.write_header(b"cache-control", cache_control)
additional_headers = maybe_additional_headers or {}
for header, value in additional_headers.items():
response.writer.write_header(header, value)
response.writer.end_headers()
new_headers = {}
new_val = []
for key, val in request.headers.items():
if len(val) == 1:
new_val = isomorphic_decode(val[0])
else:
new_val = [isomorphic_decode(x) for x in val]
new_headers[isomorphic_decode(key)] = new_val
server_data = {u"headers": json.dumps(new_headers, indent=4)}
payload = payload_generator(server_data)
response.writer.write(payload)
def main(request, response):
"""Serves the contents in blue.png but with a Cache-Control header.
Emits a Cache-Control header with max-age set to 1h to allow the browser
cache the image. Used for testing behaviors involving caching logics.
"""
image_path = os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u"blue.png")
response.headers.set(b"Cache-Control", b"max-age=3600")
response.headers.set(b"Content-Type", b"image/png")
response.content = open(image_path, mode='rb').read()
def main(request, response):
headers = [(b"Content-Type", b"text/plain"),
(b"Cache-Control", b"no-cache"), (b"Pragma", b"no-cache")]
if b"store" in request.GET:
request.server.stash.put(
request.GET[b'token'],
isomorphic_decode(request.headers.get(b"DNT", b"-1")))
return 200, headers, ""
return 200, headers, str(request.server.stash.take(request.GET[b'token']))
def main(request, response):
# update() does not bypass cache so set the max-age to 0 such that update()
# can find a new version in the network.
headers = [(b'Cache-Control', b'max-age: 0'),
(b'Content-Type', b'application/javascript')]
with open(
os.path.join(os.path.dirname(isomorphic_decode(__file__)),
u'update-worker.js'), u'r') as file:
script = file.read()
# Return a different script for each access.
return headers, u'// %s\n%s' % (time.time(), script)
def main(request, response):
msg = {}
headers = [(b'Content-Type', b'text/html')]
srdp = request.headers.get(b'Sec-Required-Document-Policy')
if srdp:
msg[u'requiredPolicy'] = isomorphic_decode(srdp)
headers.append((b'Document-Policy', srdp))
frameId = request.GET.first(b'id', None)
if frameId:
msg[u'id'] = isomorphic_decode(frameId)
content = u"""<!DOCTYPE html>
<script>
top.postMessage(%s, "*");
</script>
%s
""" % (json.dumps(msg), isomorphic_decode(srdp) if srdp != None else srdp)
return (200, u'OK'), headers, content
def handle_headers(frame, request, response):
status = 302
if b'redirect_status' in request.GET:
status = int(request.GET[b'redirect_status'])
response.status = status
if b'location' in request.GET:
url = isomorphic_decode(request.GET[b'location'])
response.headers[b'Location'] = isomorphic_encode(url)
response.headers.update([('Content-Type', 'text/plain')])
response.write_status_headers()
def preprocess_stash_action(request, response):
if b"action" not in request.GET:
return False
action = request.GET[b"action"]
key = request.GET[b"key"]
stash = request.server.stash
path = request.GET[b"path"] if b"path" in request.GET \
else isomorphic_encode(request.url.split(u'?')[0])
if action == b"put":
value = isomorphic_decode(request.GET[b"value"])
stash.take(key=key, path=path)
stash.put(key=key, value=value, path=path)
response_data = json.dumps({
u"status": u"success",
u"result": isomorphic_decode(key)
})
elif action == b"purge":
value = stash.take(key=key, path=path)
return False
elif action == b"take":
value = stash.take(key=key, path=path)
if value is None:
status = u"allowed"
else:
status = u"blocked"
response_data = json.dumps({u"status": status, u"result": value})
else:
return False
response.add_required_headers = False
response.writer.write_status(200)
response.writer.write_header(b"content-type", b"text/javascript")
response.writer.write_header(b"cache-control",
b"no-cache; must-revalidate")
response.writer.end_headers()
response.writer.write(response_data)
return True
def main(request, response):
"""
Simple handler that returns an HTML response that passes when the required
Client Hints are received as request headers.
"""
values = [
b"Device-Memory", b"DPR", b"Viewport-Width", b"Sec-CH-UA",
b"Sec-CH-UA-Mobile"
]
result = u"PASS"
log = u""
for value in values:
should = (request.GET[value.lower()] == b"true")
present = request.headers.get(
value.lower()) or request.headers.get(value)
if present:
log += isomorphic_decode(value) + u" " + str(
should) + u" " + isomorphic_decode(present) + u", "
else:
log += isomorphic_decode(value) + u" " + str(should) + u" " + str(
present) + u", "
if (should and not present) or (not should and present):
if present:
result = u"FAIL " + isomorphic_decode(value) + u" " + str(
should) + u" " + isomorphic_decode(present)
else:
result = u"FAIL " + isomorphic_decode(value) + u" " + str(
should) + u" " + str(present)
break
response.headers.append(b"Access-Control-Allow-Origin", b"*")
body = u"<script>console.log('" + log + u"'); window.parent.postMessage('" + result + u"', '*');</script>"
response.content = body
def handle_fetch_file(request, response, partition_id, uuid):
subresource_origin = request.GET.first(b"subresource_origin", None)
rel_path = request.GET.first(b"path", None)
# This needs to be passed on to subresources so they all have access to it.
include_credentials = request.GET.first(b"include_credentials", None)
if not subresource_origin or not rel_path or not include_credentials:
return simple_response(request, response, 404, b"Not found", b"Invalid query parameters")
cur_path = os.path.realpath(isomorphic_decode(__file__))
base_path = os.path.abspath(os.path.join(os.path.dirname(cur_path), os.pardir, os.pardir, os.pardir))
path = os.path.abspath(os.path.join(base_path, isomorphic_decode(rel_path)))
# Basic security check.
if not path.startswith(base_path):
return simple_response(request, response, 404, b"Not found", b"Invalid path")
sandbox = request.GET.first(b"sandbox", None)
if sandbox == b"true":
response.headers.set(b"Content-Security-Policy", b"sandbox allow-scripts")
file = open(path, mode="rb")
body = file.read()
file.close()
subresource_path = b"/" + isomorphic_encode(os.path.relpath(isomorphic_decode(__file__), base_path)).replace(b'\\', b'/')
subresource_params = b"?partition_id=" + partition_id + b"&uuid=" + uuid + b"&subresource_origin=" + subresource_origin + b"&include_credentials=" + include_credentials
body = body.replace(b"SUBRESOURCE_PREFIX:", subresource_origin + subresource_path + subresource_params)
other_origin = request.GET.first(b"other_origin", None)
if other_origin:
body = body.replace(b"OTHER_PREFIX:", other_origin + subresource_path + subresource_params)
mimetypes.init()
mimetype_pair = mimetypes.guess_type(path)
mimetype = mimetype_pair[0]
if mimetype == None or mimetype_pair[1] != None:
return simple_response(request, response, 500, b"Server Error", b"Unknown MIME type")
return simple_response(request, response, 200, b"OK", body, mimetype)
