| // This horrible hack is needed for the 'use-credentials' tests because, on |
| // response, if port 80 or 443 is the current port, it will not appear to |
| // the browser as part of the origin string. Since the origin *string* is |
| // used for CORS access control, instead of the origin itself, if there |
| // isn't an exact string match, the check will fail. For example, |
| // "http://example.com" would not match "http://example.com:80", because |
| // they are not exact string matches, even though the origins are the same. |
| // |
| // Thus, we only want the Access-Control-Allow-Origin header to have |
| // the port if it's not port 80 or 443, since the user agent will elide the |
| // ports in those cases. |
| const main_domain = "{{domains[]}}"; |
| const www_domain = "{{domains[www]}}"; |
| const default_port = (location.protocol === "https:") ? "{{ports[https][0]}}" : |
| "{{ports[http][0]}}"; |
| |
| const port_string = (default_port !== "80" && default_port !== "443") ? |
| `:${default_port}` : ""; |
| const www_host_and_port = www_domain + port_string; |
| |
| // General resource prefixes. |
| const same_origin_prefix = '/subresource-integrity/'; |
| const xorigin_prefix = `${location.protocol}//${www_host_and_port}/subresource-integrity/`; |
| |
| // Note that all of these style URLs have query parameters started, so any |
| // additional parameters should be appended starting with '&'. |
| const xorigin_anon_style = location.protocol |
| + '//' + www_host_and_port |
| + '/subresource-integrity/crossorigin-anon-style.css?'; |
| |
| const xorigin_creds_style = location.protocol |
| + '//' + www_host_and_port |
| + '/subresource-integrity/crossorigin-creds-style.css?acao_port=' |
| + port_string; |
| |
| const xorigin_ineligible_style = location.protocol |
| + '//' + www_host_and_port |
| + '/subresource-integrity/crossorigin-ineligible-style.css?'; |