Migrate app off glitch.me onto own hosted infra (#165)

* Migrate app off glitch.me onto own hosted infra

* Update for review

* Remove unnecessary https workaround

* Fix for ESlint

Author: KeaganJarvis

README.md

@@ -2,7 +2,7 @@
 🛡 Collection of pages for testing various privacy and security features of browsers and browser extensions.
 
 ## How to use it?
-The site with all tests is live [here](https://privacy-test-pages.glitch.me/). All tests run either on page load or provide instructions on how to run them.
+The site with all tests is live [here](https://privacy-test-pages.site/). All tests run either on page load or provide instructions on how to run them.
 
 ### Privacy Protections Tests
 
@@ -21,14 +21,14 @@ Please note that we are not taking external contributions for new test pages, bu
 
 ### Test domains
 
-We have couple of test domains, that all resolve to `privacy-test-pages.glitch.me`, which help us simulate various scenarios:
+We have couple of test domains, that all resolve to `privacy-test-pages.site`, which help us simulate various scenarios:
 
 - `www.first-party.site` - an alternative first-party domain used for tests that require first-party resources on other subdomains (e.g., `hsts.first-party.site`)
 - `good.third-party.site` - non-tracking third party, it's not on our blocklist and will not be blocked by our clients
 - `broken.third-party.site` - tracking third party that we can't block (e.g. due to brekage), it's on our blocklist, but it will not be blocked by our clients
 - `bad.third-party.site` - tracking third party that's on our blocklist and our clients will block
 
-We also have additional test domains that resolve to `ad-attribution-test-pages.glitch.me`, specifically for the Ad Attribution tests hosted [here](https://www.search-company.site):
+We also have additional test domains specifically for the Ad Attribution tests hosted [here](https://www.search-company.site):
 
 - `www.search-company.site` - Simulated search provider
 - `convert.ad-company.site` - Simulated ad provider conversion ping

helpers/runMenu.js

@@ -42,7 +42,7 @@ function initMenu () {
         'bad.third-party.site',
         'good.third-party.site',
         'broken.third-party.site',
-        'privacy-test-pages.glitch.me'
+        'privacy-test-pages.site'
     ].forEach((hostname) => {
         const li = document.createElement('li');
         const a = document.createElement('a');

privacy-protections/click-to-load/index.html

@@ -29,15 +29,15 @@ <h2>Metrics</h2>
 <p><button id="download">Download the result</button></p>
 
 <h2>All the social buttons from the SDK</h2>
-<div class="fb-like" data-href="https://privacy-test-pages.glitch.me/privacy-protections/click-to-load/" data-width="" data-layout="standard" data-action="like" data-size="small" data-share="true"></div>
-<br><div class="fb-like" data-href="https://privacy-test-pages.glitch.me/privacy-protections/click-to-load/" data-width="" data-layout="standard" data-action="recommend" data-size="small" data-share="true"></div>
-<br><div class="fb-share-button" data-href="https://privacy-test-pages.glitch.me/privacy-protections/click-to-load/" data-layout="button_count" data-size="small"><a target="_blank" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2Fplugins%2F&amp;src=sdkpreparse" class="fb-xfbml-parse-ignore">Share</a></div>
-<!---<br><div class="fb-save" data-uri=https://privacy-test-pages.glitch.me/privacy-protections/click-to-load/" data-size="small">Deprecated per https://developers.facebook.com/docs/plugins/save</div>--->
+<div class="fb-like" data-href="https://privacy-test-pages.site/privacy-protections/click-to-load/" data-width="" data-layout="standard" data-action="like" data-size="small" data-share="true"></div>
+<br><div class="fb-like" data-href="https://privacy-test-pages.site/privacy-protections/click-to-load/" data-width="" data-layout="standard" data-action="recommend" data-size="small" data-share="true"></div>
+<br><div class="fb-share-button" data-href="https://privacy-test-pages.site/privacy-protections/click-to-load/" data-layout="button_count" data-size="small"><a target="_blank" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2Fplugins%2F&amp;src=sdkpreparse" class="fb-xfbml-parse-ignore">Share</a></div>
+<!---<br><div class="fb-save" data-uri=https://privacy-test-pages.site/privacy-protections/click-to-load/" data-size="small">Deprecated per https://developers.facebook.com/docs/plugins/save</div>--->
 
 <h2>All the social buttons in iFrames</h2>
-<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fprivacy-test-pages.glitch.me%2F&width=450&layout=standard&action=like&size=small&share=true&height=35&appId" width="450" height="35" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>
-<br><iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fprivacy-test-pages.glitch.me%2F&width=450&layout=standard&action=recommend&size=small&share=true&height=35&appId" width="450" height="35" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>
-<br><iframe src="https://www.facebook.com/plugins/share_button.php?href=https%3A%2F%2Fprivacy-test-pages.glitch.me%2Fprivacy-protections%2Fclick-to-load%2F&layout=button_count&size=small&width=99&height=20&appId" width="99" height="20" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>
+<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fprivacy-test-pages.site%2F&width=450&layout=standard&action=like&size=small&share=true&height=35&appId" width="450" height="35" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>
+<br><iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fprivacy-test-pages.site%2F&width=450&layout=standard&action=recommend&size=small&share=true&height=35&appId" width="450" height="35" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>
+<br><iframe src="https://www.facebook.com/plugins/share_button.php?href=https%3A%2F%2Fprivacy-test-pages.site%2Fprivacy-protections%2Fclick-to-load%2F&layout=button_count&size=small&width=99&height=20&appId" width="99" height="20" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>
 
 <h2>Login buttons (SDK &amp; custom)</h2>
 <p style="color: #9F6000;background-color: #FEEFB3; margin: 10px 22px; padding: 10px; font-size:1.2em;vertical-align:middle;">&#x26A0; Login buttons only work with a valid Facebook developer account. This page is not configured with a real account, so is unlikely to show a proper login button, and the login flow may create errors. For true login testing, use a real FB account and actual pages with login.</p>

privacy-protections/storage-partitioning/helpers/common.js

@@ -9,7 +9,7 @@ const FIRST_PARTY_HOSTNAME = isLocalTest ? 'first-party.example' : 'www.first-pa
 const FIRST_PARTY_HTTP = isLocalTest ? `http://${FIRST_PARTY_HOSTNAME}:3000` : `http://${THIRD_PARTY_HOSTNAME}`;
 const FIRST_PARTY_HTTPS = `https://${FIRST_PARTY_HOSTNAME}`;
 
-const HSTS_HOSTNAME = isLocalTest ? 'hsts.first-party.example' : 'privacy-test-pages.glitch.me';
+const HSTS_HOSTNAME = isLocalTest ? 'hsts.first-party.example' : 'privacy-test-pages.site';
 
 // Inject an iframe to retrieve values from test APIs
 function accessStorageInIframe (frameOrigin, sessionId, mode, apiTypes = [], frameId) {

privacy-protections/storage-partitioning/main.js

@@ -252,8 +252,8 @@ if (window.location.hostname === 'localhost') {
     runButton.setAttribute('disabled', '');
 }
 
-// warn the user if loaded over privacy-test-pages.glitch.me
-if (window.location.hostname === 'privacy-test-pages.glitch.me') {
+// warn the user if loaded over privacy-test-pages.site
+if (window.location.hostname === 'privacy-test-pages.site') {
     const warning = document.getElementById('warning');
     warning.innerHTML = `⚠ Test must be accessed via ${FIRST_PARTY_HTTPS}. Redirecting you... ⚠`;
     runButton.setAttribute('disabled', '');

privacy-protections/storage-partitioning/server/routes.js

@@ -89,14 +89,7 @@ router.get('/set_hsts.png', (req, res) => {
 });
 
 router.get('/get_hsts.png', (req, res) => {
-    let isHTTPS = req.protocol === 'https';
-    // The X-Forwarded-Proto header is added by Glitch's proxy
-    // and reveals the original protocol used during the connection
-    // This header will always show HTTPS for all custom domains,
-    // it's only correct for privacy-test-pages.glitch.me.
-    if (req.headers['x-forwarded-proto']) {
-        isHTTPS = req.headers['x-forwarded-proto'].split(',', 1)[0] === 'https';
-    }
+    const isHTTPS = req.protocol === 'https';
     if (isHTTPS) {
         const headers = { 'Cache-Control': 'max-age=0' };
         res.sendFile('image.png', { root: __dirname, headers });

server.js

@@ -232,7 +232,7 @@ app.get('/come-back', (req, res) => {
     const jsReferrer = document.referrer;
     document.body.innerHTML += '<p>header: <strong>${req.headers.referer || ''}</strong></p><p>js: <strong>' + jsReferrer + '</strong></p>';
     setTimeout(() => {
-        location.href = 'https://privacy-test-pages.glitch.me/privacy-protections/referrer-trimming/?run&header=${req.headers.referer || ''}&js=' + jsReferrer + '&testid=${req.query.testid || ''}';
+        location.href = 'https://privacy-test-pages.site/privacy-protections/referrer-trimming/?run&header=${req.headers.referer || ''}&js=' + jsReferrer + '&testid=${req.query.testid || ''}';
     }, 1000);
 </script>
 </body>