]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | -- http://www.html5rocks.com/static/images/cors_server_flowchart.png\r |
2 | \r | |
3 | if not mg.request_info.http_headers.Origin then\r | |
4 | mg.write("HTTP/1.0 200 OK\r\n")\r | |
5 | mg.write("Connection: close\r\n")\r | |
6 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
7 | mg.write("\r\n")\r | |
8 | mg.write("This test page should not be used directly. Open cors.html instead.")\r | |
9 | return\r | |
10 | end\r | |
11 | \r | |
12 | if mg.request_info.request_method == "OPTIONS" then\r | |
13 | \r | |
14 | local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];\r | |
15 | if (acrm) then\r | |
16 | local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];\r | |
17 | if (acrm~='PUT') then\r | |
18 | -- invalid request\r | |
19 | mg.write("HTTP/1.0 403 Forbidden\r\n")\r | |
20 | mg.write("Connection: close\r\n")\r | |
21 | mg.write("\r\n")\r | |
22 | return\r | |
23 | else\r | |
24 | -- preflight request\r | |
25 | mg.write("HTTP/1.0 200 OK\r\n")\r | |
26 | mg.write("Access-Control-Allow-Methods: PUT\r\n")\r | |
27 | if (acrh) then\r | |
28 | mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")\r | |
29 | end\r | |
30 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
31 | mg.write("Connection: close\r\n")\r | |
32 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
33 | mg.write("\r\n")\r | |
34 | return\r | |
35 | end\r | |
36 | end\r | |
37 | end\r | |
38 | \r | |
39 | -- actual request\r | |
40 | if mg.request_info.request_method == "GET" then\r | |
41 | mg.write("HTTP/1.0 200 OK\r\n")\r | |
42 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
43 | mg.write("Connection: close\r\n")\r | |
44 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
45 | mg.write("\r\n")\r | |
46 | mg.write([[<!DOCTYPE html>\r | |
47 | <html>\r | |
48 | <head><title>CORS dynamic GET test reply - test OK</title></head>\r | |
49 | <body>This should never be shown</body>\r | |
50 | </html>\r | |
51 | ]])\r | |
52 | return\r | |
53 | end\r | |
54 | \r | |
55 | \r | |
56 | if mg.request_info.request_method == "PUT" then\r | |
57 | mg.write("HTTP/1.0 200 OK\r\n")\r | |
58 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
59 | mg.write("Connection: close\r\n")\r | |
60 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
61 | mg.write("\r\n")\r | |
62 | mg.write([[<!DOCTYPE html>\r | |
63 | <html>\r | |
64 | <head><title>CORS dynamic PUT test reply - test OK</title></head>\r | |
65 | <body>This should never be shown</body>\r | |
66 | </html>\r | |
67 | ]])\r | |
68 | return\r | |
69 | end\r | |
70 | \r | |
71 | mg.write("HTTP/1.0 403 Forbidden\r\n")\r | |
72 | mg.write("Connection: close\r\n")\r | |
73 | mg.write("\r\n")\r |