ceph/src/civetweb/test/cors.reply.lua

   1 -- http://www.html5rocks.com/static/images/cors_server_flowchart.png
   2
   3 if not mg.request_info.http_headers.Origin then
   4   mg.write("HTTP/1.0 200 OK\r\n")
   5   mg.write("Connection: close\r\n")
   6   mg.write("Content-Type: text/html; charset=utf-8\r\n")
   7   mg.write("\r\n")
   8   mg.write("This test page should not be used directly. Open cors.html instead.")
   9   return
  10 end
  11
  12 if mg.request_info.request_method == "OPTIONS" then
  13
  14   local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];
  15   if (acrm) then
  16     local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];
  17     if (acrm~='PUT') then
  18       -- invalid request
  19       mg.write("HTTP/1.0 403 Forbidden\r\n")
  20       mg.write("Connection: close\r\n")
  21       mg.write("\r\n")
  22       return
  23     else
  24       -- preflight request
  25       mg.write("HTTP/1.0 200 OK\r\n")
  26       mg.write("Access-Control-Allow-Methods: PUT\r\n")
  27       if (acrh) then
  28         mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")
  29       end
  30       mg.write("Access-Control-Allow-Origin: *\r\n")
  31       mg.write("Connection: close\r\n")
  32       mg.write("Content-Type: text/html; charset=utf-8\r\n")
  33       mg.write("\r\n")
  34       return
  35     end
  36   end
  37 end
  38
  39 -- actual request
  40 if mg.request_info.request_method == "GET" then
  41   mg.write("HTTP/1.0 200 OK\r\n")
  42   mg.write("Access-Control-Allow-Origin: *\r\n")
  43   mg.write("Connection: close\r\n")
  44   mg.write("Content-Type: text/html; charset=utf-8\r\n")
  45   mg.write("\r\n")
  46   mg.write([[<!DOCTYPE html>
  47   <html>
  48   <head><title>CORS dynamic GET test reply - test OK</title></head>
  49   <body>This should never be shown</body>
  50   </html>
  51   ]])
  52   return
  53 end
  54
  55
  56 if mg.request_info.request_method == "PUT" then
  57   mg.write("HTTP/1.0 200 OK\r\n")
  58   mg.write("Access-Control-Allow-Origin: *\r\n")
  59   mg.write("Connection: close\r\n")
  60   mg.write("Content-Type: text/html; charset=utf-8\r\n")
  61   mg.write("\r\n")
  62   mg.write([[<!DOCTYPE html>
  63   <html>
  64   <head><title>CORS dynamic PUT test reply - test OK</title></head>
  65   <body>This should never be shown</body>
  66   </html>
  67   ]])
  68   return
  69 end
  70
  71 mg.write("HTTP/1.0 403 Forbidden\r\n")
  72 mg.write("Connection: close\r\n")
  73 mg.write("\r\n")