[ceph.git] / ceph / src / civetweb / test / cors.reply.lua

-- http://www.html5rocks.com/static/images/cors_server_flowchart.png\r
\r
if not mg.request_info.http_headers.Origin then\r
  mg.write("HTTP/1.0 200 OK\r\n")\r
  mg.write("Connection: close\r\n")\r
  mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
  mg.write("\r\n")\r
  mg.write("This test page should not be used directly. Open cors.html instead.")\r
  return\r
end\r
\r
if mg.request_info.request_method == "OPTIONS" then\r
\r
  local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];\r
  if (acrm) then\r
    local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];\r
    if (acrm~='PUT') then\r
      -- invalid request\r
      mg.write("HTTP/1.0 403 Forbidden\r\n")\r
      mg.write("Connection: close\r\n")\r
      mg.write("\r\n")\r
      return\r
    else\r
      -- preflight request\r
      mg.write("HTTP/1.0 200 OK\r\n")\r
      mg.write("Access-Control-Allow-Methods: PUT\r\n")\r
      if (acrh) then\r
        mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")\r
      end\r
      mg.write("Access-Control-Allow-Origin: *\r\n")\r
      mg.write("Connection: close\r\n")\r
      mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
      mg.write("\r\n")\r
      return\r
    end\r
  end\r
end\r
\r
-- actual request\r
if mg.request_info.request_method == "GET" then\r
  mg.write("HTTP/1.0 200 OK\r\n")\r
  mg.write("Access-Control-Allow-Origin: *\r\n")\r
  mg.write("Connection: close\r\n")\r
  mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
  mg.write("\r\n")\r
  mg.write([[<!DOCTYPE html>\r
  <html>\r
  <head><title>CORS dynamic GET test reply - test OK</title></head>\r
  <body>This should never be shown</body>\r
  </html>\r
  ]])\r
  return\r
end\r
\r
\r
if mg.request_info.request_method == "PUT" then\r
  mg.write("HTTP/1.0 200 OK\r\n")\r
  mg.write("Access-Control-Allow-Origin: *\r\n")\r
  mg.write("Connection: close\r\n")\r
  mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
  mg.write("\r\n")\r
  mg.write([[<!DOCTYPE html>\r
  <html>\r
  <head><title>CORS dynamic PUT test reply - test OK</title></head>\r
  <body>This should never be shown</body>\r
  </html>\r
  ]])\r
  return\r
end\r
\r
mg.write("HTTP/1.0 403 Forbidden\r\n")\r
mg.write("Connection: close\r\n")\r
mg.write("\r\n")\r
Commit	Line	Data
7c673cae FG	1	-- http://www.html5rocks.com/static/images/cors_server_flowchart.png\r
	2	\r
	3	if not mg.request_info.http_headers.Origin then\r
	4	mg.write("HTTP/1.0 200 OK\r\n")\r
	5	mg.write("Connection: close\r\n")\r
	6	mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
	7	mg.write("\r\n")\r
	8	mg.write("This test page should not be used directly. Open cors.html instead.")\r
	9	return\r
	10	end\r
	11	\r
	12	if mg.request_info.request_method == "OPTIONS" then\r
	13	\r
	14	local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];\r
	15	if (acrm) then\r
	16	local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];\r
	17	if (acrm~='PUT') then\r
	18	-- invalid request\r
	19	mg.write("HTTP/1.0 403 Forbidden\r\n")\r
	20	mg.write("Connection: close\r\n")\r
	21	mg.write("\r\n")\r
	22	return\r
	23	else\r
	24	-- preflight request\r
	25	mg.write("HTTP/1.0 200 OK\r\n")\r
	26	mg.write("Access-Control-Allow-Methods: PUT\r\n")\r
	27	if (acrh) then\r
	28	mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")\r
	29	end\r
	30	mg.write("Access-Control-Allow-Origin: *\r\n")\r
	31	mg.write("Connection: close\r\n")\r
	32	mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
	33	mg.write("\r\n")\r
	34	return\r
	35	end\r
	36	end\r
	37	end\r
	38	\r
	39	-- actual request\r
	40	if mg.request_info.request_method == "GET" then\r
	41	mg.write("HTTP/1.0 200 OK\r\n")\r
	42	mg.write("Access-Control-Allow-Origin: *\r\n")\r
	43	mg.write("Connection: close\r\n")\r
	44	mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
	45	mg.write("\r\n")\r
	46	mg.write([[<!DOCTYPE html>\r
	47	<html>\r
	48	<head><title>CORS dynamic GET test reply - test OK</title></head>\r
	49	<body>This should never be shown</body>\r
	50	</html>\r
	51	]])\r
	52	return\r
	53	end\r
	54	\r
	55	\r
	56	if mg.request_info.request_method == "PUT" then\r
	57	mg.write("HTTP/1.0 200 OK\r\n")\r
	58	mg.write("Access-Control-Allow-Origin: *\r\n")\r
	59	mg.write("Connection: close\r\n")\r
	60	mg.write("Content-Type: text/html; charset=utf-8\r\n")\r
	61	mg.write("\r\n")\r
	62	mg.write([[<!DOCTYPE html>\r
	63	<html>\r
	64	<head><title>CORS dynamic PUT test reply - test OK</title></head>\r
65	<body>This should never be shown</body>\r
66	</html>\r
67	]])\r
68	return\r
69	end\r
70	\r
71	mg.write("HTTP/1.0 403 Forbidden\r\n")\r
72	mg.write("Connection: close\r\n")\r
73	mg.write("\r\n")\r