projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 7c673cae FG |
1 | -- http://www.html5rocks.com/static/images/cors_server_flowchart.png\r |
| 2 | \r | |
| 11fdf7f2 TL |
3 | if not mg.request_info.http_headers.Origin and not mg.request_info.http_headers.origin then\r |
| 4 | \r | |
| 7c673cae FG |
5 | mg.write("HTTP/1.0 200 OK\r\n")\r |
| 6 | mg.write("Connection: close\r\n")\r | |
| 7 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
| 8 | mg.write("\r\n")\r | |
| 9 | mg.write("This test page should not be used directly. Open cors.html instead.")\r | |
| 10 | return\r | |
| 11 | end\r | |
| 12 | \r | |
| 13 | if mg.request_info.request_method == "OPTIONS" then\r | |
| 14 | \r | |
| 11fdf7f2 TL |
15 | -- Note: This is a test example showing how a script could handle\r |
| 16 | -- a preflight request directly. However, now the server is able\r | |
| 17 | -- to handle preflight requests, so scripts do no longer need to\r | |
| 18 | -- do this - except it has been disabled in the server by setting\r | |
| 19 | -- the access_control_allow_methods configuration parameter to\r | |
| 20 | -- an empty string. \r | |
| 21 | \r | |
| 7c673cae FG |
22 | local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];\r |
| 23 | if (acrm) then\r | |
| 24 | local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];\r | |
| 25 | if (acrm~='PUT') then\r | |
| 26 | -- invalid request\r | |
| 27 | mg.write("HTTP/1.0 403 Forbidden\r\n")\r | |
| 28 | mg.write("Connection: close\r\n")\r | |
| 29 | mg.write("\r\n")\r | |
| 30 | return\r | |
| 31 | else\r | |
| 32 | -- preflight request\r | |
| 33 | mg.write("HTTP/1.0 200 OK\r\n")\r | |
| 34 | mg.write("Access-Control-Allow-Methods: PUT\r\n")\r | |
| 35 | if (acrh) then\r | |
| 36 | mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")\r | |
| 37 | end\r | |
| 38 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
| 39 | mg.write("Connection: close\r\n")\r | |
| 40 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
| 41 | mg.write("\r\n")\r | |
| 42 | return\r | |
| 43 | end\r | |
| 44 | end\r | |
| 45 | end\r | |
| 46 | \r | |
| 11fdf7f2 | 47 | \r |
| 7c673cae FG |
48 | -- actual request\r |
| 49 | if mg.request_info.request_method == "GET" then\r | |
| 11fdf7f2 | 50 | \r |
| 7c673cae FG |
51 | mg.write("HTTP/1.0 200 OK\r\n")\r |
| 52 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
| 53 | mg.write("Connection: close\r\n")\r | |
| 54 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
| 55 | mg.write("\r\n")\r | |
| 56 | mg.write([[<!DOCTYPE html>\r | |
| 57 | <html>\r | |
| 58 | <head><title>CORS dynamic GET test reply - test OK</title></head>\r | |
| 59 | <body>This should never be shown</body>\r | |
| 60 | </html>\r | |
| 61 | ]])\r | |
| 62 | return\r | |
| 63 | end\r | |
| 64 | \r | |
| 65 | \r | |
| 66 | if mg.request_info.request_method == "PUT" then\r | |
| 11fdf7f2 | 67 | \r |
| 7c673cae FG |
68 | mg.write("HTTP/1.0 200 OK\r\n")\r |
| 69 | mg.write("Access-Control-Allow-Origin: *\r\n")\r | |
| 70 | mg.write("Connection: close\r\n")\r | |
| 71 | mg.write("Content-Type: text/html; charset=utf-8\r\n")\r | |
| 72 | mg.write("\r\n")\r | |
| 73 | mg.write([[<!DOCTYPE html>\r | |
| 74 | <html>\r | |
| 75 | <head><title>CORS dynamic PUT test reply - test OK</title></head>\r | |
| 76 | <body>This should never be shown</body>\r | |
| 77 | </html>\r | |
| 78 | ]])\r | |
| 79 | return\r | |
| 80 | end\r | |
| 81 | \r | |
| 11fdf7f2 | 82 | -- other HTTP method\r |
| 7c673cae FG |
83 | mg.write("HTTP/1.0 403 Forbidden\r\n")\r |
| 84 | mg.write("Connection: close\r\n")\r | |
| 85 | mg.write("\r\n")\r | |
| 11fdf7f2 | 86 | \r |