server.js
const http = require('http');
const crypto = require('crypto');
// Listening port: the PORT environment variable when it is set and non-empty
// (it arrives as a string), otherwise the numeric default 8080.
const { PORT: portFromEnv } = process.env;
const port = portFromEnv || 8080;
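// Character -> HTML entity table used by escapeHtml. The replacement strings
// must be entities: replacing a character with itself performs no escaping and
// leaves reflected input able to break out of the surrounding markup.
const HTML_ENTITY_BY_CHAR = Object.freeze({
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '{': '&#123;',
  '}': '&#125;',
});

/**
 * Entity-encodes the characters that are significant in HTML text and in
 * quoted attribute values, plus curly braces.
 *
 * The whole string is rewritten in a single pass, so the `&` of an entity that
 * was just produced is never escaped a second time.
 *
 * The result is only safe inside element content or a quoted attribute. It is
 * not a valid encoder for script, style or URL contexts.
 *
 * NOTE(review): braces are presumably escaped so the output cannot be read as a
 * client-side template expression; confirm that intent.
 *
 * @param {string} unsafeHtml - Untrusted text to embed in an HTML document.
 * @returns {string} The text with `& < > " ' { }` replaced by entities.
 */
const escapeHtml = (unsafeHtml) =>
  unsafeHtml.replace(/[&<>"'{}]/g, (char) => HTML_ENTITY_BY_CHAR[char]);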
/**
 * Request handler: answers `GET /` with an HTML page that prints the request
 * headers as pretty-printed JSON, and answers everything else with an empty 404.
 *
 * Security-relevant points:
 * - The header values are attacker-controlled and are reflected into the page,
 *   so they pass through escapeHtml before being placed inside <pre>. The
 *   Content-Security-Policy is a second layer, not a substitute for escaping.
 * - Every request header is echoed, including Cookie, Authorization and any
 *   header added by an upstream proxy. `no-store` keeps the page out of caches.
 * - A fresh nonce is generated per response and is the only thing that
 *   authorises the inline <style> element under `style-src`.
 * - NOTE(review): the nonce carries 12 random bytes (96 bits); CSP guidance
 *   suggests at least 128 bits, so 16 bytes would be the conventional size.
 * - NOTE(review): X-XSS-Protection is a legacy header whose filter current
 *   browsers have removed; the CSP is what provides the protection here.
 *
 * @param {http.IncomingMessage} req - Incoming request.
 * @param {http.ServerResponse} res - Response to write to.
 * @returns {void}
 */
function handleRequest(req, res) {
  const isIndexGet = req.url === '/' && req.method === 'GET';
  if (!isIndexGet) {
    res.writeHead(404);
    res.end();
    return;
  }

  const nonce = crypto.randomBytes(12).toString('base64');
  const headerDump = JSON.stringify(req.headers, undefined, 2);

  // The template is emitted verbatim, so its lines stay unindented.
  const page = `<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<style nonce="${nonce}">
body { font-family: sans-serif; font-size: 14px; }
</style>
</head>
<body>
<pre>${escapeHtml(headerDump)}</pre>
</body>
</html>`;

  const responseHeaders = {
    'Content-Type': 'text/html; charset=utf-8',
    // Byte length, not string length: the body may contain multi-byte characters.
    'Content-Length': Buffer.byteLength(page),
    'Cache-Control': 'no-cache, no-store',
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'deny',
    'X-XSS-Protection': '1; mode=block',
    'Content-Security-Policy': `default-src 'self'; style-src 'nonce-${nonce}'; frame-ancestors 'none';`
  };

  res.writeHead(200, responseHeaders);
  res.end(page);
}

const server = http.createServer(handleRequest);
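// Listen failures (port already in use, insufficient privileges) are delivered
// through the server's 'error' event, never as an argument to the listen()
// callback. Handle them here so the process reports the cause and exits with a
// non-zero status.
server.on('error', (err) => {
  console.error(`Server error: ${err.message}`);
  process.exit(1);
});

// The listen() callback is a 'listening' listener and receives no arguments,
// so reaching it already means the bind succeeded.
// No host is passed, so the server accepts connections on every interface.
// This page echoes request headers, so restrict exposure at the network layer
// if that is broader than intended.
server.listen(port, () => {
  console.log(`Listening on port ${port}...`);
});

// Exit on Ctrl+C with the conventional "terminated by signal" status.
process.on('SIGINT', () => {
  process.exit(130 /* 128 + SIGINT */);
});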