]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | -- http://www.html5rocks.com/static/images/cors_server_flowchart.png\r |
2 | \r | |
11fdf7f2 TL |
3 | if not mg.request_info.http_headers.Origin and not mg.request_info.http_headers.origin then\r |
4 | \r | |
7c673cae FG |
5 | mg.write("HTTP/1.0 200 OK\r\n")\r |
6 | mg.write("Connection: close\r\n")\r | |
7 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
8 | mg.write("\r\n")\r | |
9 | mg.write("This test page should not be used directly. Open cors.html instead.")\r | |
10 | return\r | |
11 | end\r | |
12 | \r | |
13 | if mg.request_info.request_method == "OPTIONS" then\r | |
14 | \r | |
11fdf7f2 TL |
15 | -- Note: This is a test example showing how a script could handle\r |
16 | -- a preflight request directly. However, now the server is able\r | |
17 | -- to handle preflight requests, so scripts do no longer need to\r | |
18 | -- do this - except it has been disabled in the server by setting\r | |
19 | -- the access_control_allow_methods configuration parameter to\r | |
20 | -- an empty string. \r | |
21 | \r | |
7c673cae FG |
22 | local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];\r |
23 | if (acrm) then\r | |
24 | local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];\r | |
25 | if (acrm~='PUT') then\r | |
26 | -- invalid request\r | |
27 | mg.write("HTTP/1.0 403 Forbidden\r\n")\r | |
28 | mg.write("Connection: close\r\n")\r | |
29 | mg.write("\r\n")\r | |
30 | return\r | |
31 | else\r | |
32 | -- preflight request\r | |
33 | mg.write("HTTP/1.0 200 OK\r\n")\r | |
34 | mg.write("Access-Control-Allow-Methods: PUT\r\n")\r | |
35 | if (acrh) then\r | |
36 | mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")\r | |
37 | end\r | |
38 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
39 | mg.write("Connection: close\r\n")\r | |
40 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
41 | mg.write("\r\n")\r | |
42 | return\r | |
43 | end\r | |
44 | end\r | |
45 | end\r | |
46 | \r | |
11fdf7f2 | 47 | \r |
7c673cae FG |
48 | -- actual request\r |
49 | if mg.request_info.request_method == "GET" then\r | |
11fdf7f2 | 50 | \r |
7c673cae FG |
51 | mg.write("HTTP/1.0 200 OK\r\n")\r |
52 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
53 | mg.write("Connection: close\r\n")\r | |
54 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
55 | mg.write("\r\n")\r | |
56 | mg.write([[<!DOCTYPE html>\r | |
57 | <html>\r | |
58 | <head><title>CORS dynamic GET test reply - test OK</title></head>\r | |
59 | <body>This should never be shown</body>\r | |
60 | </html>\r | |
61 | ]])\r | |
62 | return\r | |
63 | end\r | |
64 | \r | |
65 | \r | |
66 | if mg.request_info.request_method == "PUT" then\r | |
11fdf7f2 | 67 | \r |
7c673cae FG |
68 | mg.write("HTTP/1.0 200 OK\r\n")\r |
69 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
70 | mg.write("Connection: close\r\n")\r | |
71 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
72 | mg.write("\r\n")\r | |
73 | mg.write([[<!DOCTYPE html>\r | |
74 | <html>\r | |
75 | <head><title>CORS dynamic PUT test reply - test OK</title></head>\r | |
76 | <body>This should never be shown</body>\r | |
77 | </html>\r | |
78 | ]])\r | |
79 | return\r | |
80 | end\r | |
81 | \r | |
11fdf7f2 | 82 | -- other HTTP method\r |
7c673cae FG |
83 | mg.write("HTTP/1.0 403 Forbidden\r\n")\r |
84 | mg.write("Connection: close\r\n")\r | |
85 | mg.write("\r\n")\r | |
11fdf7f2 | 86 | \r |