From 57b27945ab910d9b3bc69d73980f8fce546777e7 Mon Sep 17 00:00:00 2001
From: Austin King <shout@ozten.com>
Date: Fri, 9 Mar 2012 17:24:51 -0800
Subject: [PATCH] Adding X-Frame-Options detection and 200 check for auth and
 provisioning urls

---
 scripts/check_primary_support | 49 +++++++++++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 2 deletions(-)

diff --git a/scripts/check_primary_support b/scripts/check_primary_support
index 3a2327fb8..205ed231e 100755
--- a/scripts/check_primary_support
+++ b/scripts/check_primary_support
@@ -5,6 +5,9 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 const
+https = require('https'),
+und = require('underscore'),
+
 primary = require('../lib/primary'),
 logging = require('../lib/logging.js');
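Review bot: The `underscore` dependency added here is used only for one `und.filter` over `Object.keys(resp.headers)` in `checkResource`, which does not need a new dependency. Node's HTTP parser already lower-cases incoming header names, so the lookup can be `var xframe = resp.headers['x-frame-options'];` followed by `if (xframe !== undefined) { ... }`. With that change the `und = require('underscore'),` line can be dropped from this check script.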
 
@@ -15,11 +18,53 @@ if (process.argv.length !== 3) {
   console.log('Usage:', process.argv[1], '<domain>');
   process.exit(1);
 }
+var domain = process.argv[2];
 
-primary.checkSupport(process.argv[2], function(err, urls, publicKey) {
+primary.checkSupport(domain, function(err, urls, publicKey) {
   if (err) {
     process.stderr.write("error: " + err + "\n");
     process.exit(1);
   }
-  console.log(urls, publicKey);
+  console.log('Priary domain: ', domain);
+  console.log('Public Key: ', publicKey);
+  getResource(urls.auth, urls);
+  getResource(urls.prov, urls);
 });
+
+/**
+ * Retrieve one of their urls and examine aspects of it for issues
+ */
+function getResource(url, urls) {
+    console.log('Checking ', urls.auth);
+  var r = https.request({
+    host: domain,
+    path: url,
+    method: 'GET'
+  }, checkResource(urls));
+  r.on('error', function (e) {
+    console.log("ERROR: ", e.message);
+  });
+  r.end();
+};
+
+/**
+ * Called once we have a response.
+ *
+ * Do the provisioning and signin resources look kosher?
+ */
+function checkResource (urls) {
+  return function (resp) {
+    // Their are no X-Frame options
+    if (resp.statusCode != 200) {
+      console.log("ERROR: HTTP status code=", resp.statusCode);
+    } else {
+      var xframe = und.filter(Object.keys(resp.headers), function (header) {
+        return header.toLowerCase() == 'x-frame-options';
+      });
+      if (xframe.length == 1) {
+        console.log("ERROR: X-Frame-Options=", resp.headers[xframe[0]], ", BrowserID will not be able to communicate with your site." +
+            " Suppress X-Frame-Options for /.well-known/browserid, " + urls.auth + ' and ' + urls.prov);
+      }
+    }
+  };
+};
\ No newline at end of file
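Review bot: `getResource` logs `urls.auth` on every call, so the provisioning check also prints the auth URL and the output never shows which resource was fetched; the line should be `console.log('Checking ', url);`. The handler returned by `checkResource` has the same gap: neither the status-code error nor the X-Frame-Options error names the URL it refers to, and with two requests in flight the results cannot be told apart. These failures go to stdout through `console.log` and the script still exits 0, unlike the `checkSupport` error path above, which writes to stderr and exits 1. Setting `process.exitCode = 1` in those branches and in the `r.on('error', ...)` handler would let automation detect a failing domain. The comment `// Their are no X-Frame options` sits above the status check rather than the header check and would be clearer as `// Any X-Frame-Options header is reported as an error` placed next to the filter; `'Priary domain: '` is also a typo for `'Primary domain: '`.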
-- 
GitLab