1 -- http://www.html5rocks.com/static/images/cors_server_flowchart.png
3 if not mg.request_info.http_headers.Origin then
4 mg.write("HTTP/1.0 200 OK\r\n")
5 mg.write("Connection: close\r\n")
6 mg.write("Content-Type: text/html; charset=utf-8\r\n")
8 mg.write("This test page should not be used directly. Open cors.html instead.")
12 if mg.request_info.request_method == "OPTIONS" then
14 local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];
16 local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];
19 mg.write("HTTP/1.0 403 Forbidden\r\n")
20 mg.write("Connection: close\r\n")
25 mg.write("HTTP/1.0 200 OK\r\n")
26 mg.write("Access-Control-Allow-Methods: PUT\r\n")
28 mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")
30 mg.write("Access-Control-Allow-Origin: *\r\n")
31 mg.write("Connection: close\r\n")
32 mg.write("Content-Type: text/html; charset=utf-8\r\n")
40 if mg.request_info.request_method == "GET" then
41 mg.write("HTTP/1.0 200 OK\r\n")
42 mg.write("Access-Control-Allow-Origin: *\r\n")
43 mg.write("Connection: close\r\n")
44 mg.write("Content-Type: text/html; charset=utf-8\r\n")
46 mg.write([[<!DOCTYPE html>
48 <head><title>CORS dynamic GET test reply - test OK</title></head>
49 <body>This should never be shown</body>
56 if mg.request_info.request_method == "PUT" then
57 mg.write("HTTP/1.0 200 OK\r\n")
58 mg.write("Access-Control-Allow-Origin: *\r\n")
59 mg.write("Connection: close\r\n")
60 mg.write("Content-Type: text/html; charset=utf-8\r\n")
62 mg.write([[<!DOCTYPE html>
64 <head><title>CORS dynamic PUT test reply - test OK</title></head>
65 <body>This should never be shown</body>
71 mg.write("HTTP/1.0 403 Forbidden\r\n")
72 mg.write("Connection: close\r\n")