sjs_cors-test-server.sjs (5674B)
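/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";

/**
 * Anti-caching headers shared by setCacheHeaders() and by the hand-written
 * raw response, so both paths emit the same values.
 */
const CACHE_HEADERS = [
  ["Cache-Control", "no-cache, no-store, must-revalidate"],
  ["Pragma", "no-cache"],
  ["Expires", "0"],
];

/**
 * Entry point of this server-side test script: answers either with a
 * permissive CORS response or, when the query string carries a
 * `corsErrorCategory` parameter, with a deliberately broken response meant to
 * provoke that CORS failure in the client.
 *
 * This is a test fixture. The wildcard `Access-Control-Allow-Origin` used
 * below is only appropriate because the body is non-sensitive plain text.
 *
 * @param {object} request - Provides `queryString`, `httpVersion` and `method`.
 * @param {object} response - Response object the handlers write into.
 */
function handleRequest(request, response) {
  // Minimal parser: values are not URL-decoded, and the Map constructor only
  // keeps the first two items of each pair, so anything after a second "=" is
  // dropped. Good enough for the fixed category names matched below.
  const params = new Map(
    request.queryString
      .replace("?", "")
      .split("&")
      .map(s => s.split("="))
  );

  if (!params.has("corsErrorCategory")) {
    // Baseline: a response a cross-origin reader is allowed to consume.
    response.setStatusLine(request.httpVersion, 200, "Och Aye");
    setCacheHeaders(response);
    response.setHeader("Access-Control-Allow-Origin", "*", false);
    response.setHeader("Access-Control-Allow-Headers", "content-type", false);
    response.setHeader("Content-Type", "text/plain; charset=utf-8", false);
    response.write("Access-Control-Allow-Origin: *");
    return;
  }

  // The category is matched against fixed literals only; an unrecognized
  // value falls through the switch and leaves the response untouched
  // (no CORS headers are added).
  const category = params.get("corsErrorCategory");
  switch (category) {
    case "CORSDidNotSucceed":
      corsDidNotSucceed(request, response);
      break;
    case "CORSExternalRedirectNotAllowed":
      corsExternalRedirectNotAllowed(request, response);
      break;
    case "CORSMissingAllowOrigin":
      corsMissingAllowOrigin(request, response);
      break;
    case "CORSMultipleAllowOriginNotAllowed":
      corsMultipleOriginNotAllowed(request, response);
      break;
    case "CORSAllowOriginNotMatchingOrigin":
      corsAllowOriginNotMatchingOrigin(request, response);
      break;
    case "CORSNotSupportingCredentials":
      corsNotSupportingCredentials(request, response);
      break;
    case "CORSMethodNotFound":
      corsMethodNotFound(request, response);
      break;
    case "CORSMissingAllowCredentials":
      corsMissingAllowCredentials(request, response);
      break;
    case "CORSPreflightDidNotSucceed":
      corsPreflightDidNotSucceed(request, response);
      break;
    case "CORSInvalidAllowMethod":
      corsInvalidAllowMethod(request, response);
      break;
    case "CORSInvalidAllowHeader":
      corsInvalidAllowHeader(request, response);
      break;
    case "CORSMissingAllowHeaderFromPreflight":
      corsMissingAllowHeaderFromPreflight(request, response);
      break;
  }
}

/**
 * Answers with a 301 to http://example.com and no CORS headers at all.
 */
function corsDidNotSucceed(request, response) {
  setCacheHeaders(response);
  response.setStatusLine(request.httpVersion, 301, "Moved Permanently");
  response.setHeader("Location", "http://example.com");
}

/**
 * Answers with a 301 to http://redirect.test/ while still sending permissive
 * CORS headers on the redirect response itself.
 */
function corsExternalRedirectNotAllowed(request, response) {
  response.setStatusLine(request.httpVersion, 301, "Moved Permanently");
  response.setHeader("Access-Control-Allow-Origin", "*", false);
  response.setHeader("Access-Control-Allow-Headers", "content-type", false);
  response.setHeader("Location", "http://redirect.test/");
}

/**
 * Answers 200 without any Access-Control-Allow-Origin header.
 */
function corsMissingAllowOrigin(request, response) {
  setCacheHeaders(response);
  response.setStatusLine(request.httpVersion, 200, "corsMissingAllowOrigin");
}

/**
 * Sends a raw response carrying two Access-Control-Allow-Origin headers.
 */
function corsMultipleOriginNotAllowed(request, response) {
  // We can't set the same header twice with response.setHeader, so we need to
  // seizePower and write the response manually.
  response.seizePower();
  response.write("HTTP/1.0 200 OK\r\n");
  response.write("Content-Type: text/plain\r\n");
  response.write("Access-Control-Allow-Origin: *\r\n");
  response.write("Access-Control-Allow-Origin: mochi.test\r\n");
  // The cache headers have to go into the raw header block as well: once the
  // response is written by hand and finished, response.setHeader can no
  // longer add anything to what the client receives.
  for (const [name, value] of CACHE_HEADERS) {
    response.write(`${name}: ${value}\r\n`);
  }
  response.write("\r\n");
  response.finish();
}

/**
 * Answers 200 with Access-Control-Allow-Origin set to the bare host
 * "mochi.test". The value has no scheme, so it is not a serialized origin and
 * should not match the Origin a browser sends.
 */
function corsAllowOriginNotMatchingOrigin(request, response) {
  response.setStatusLine(
    request.httpVersion,
    200,
    "corsAllowOriginNotMatchingOrigin"
  );
  response.setHeader("Access-Control-Allow-Origin", "mochi.test");
}

/**
 * Answers 200 with a wildcard Access-Control-Allow-Origin. Browsers do not
 * accept the wildcard for credentialed requests; presumably the client test
 * sends credentials (the client side is not part of this file).
 */
function corsNotSupportingCredentials(request, response) {
  response.setStatusLine(
    request.httpVersion,
    200,
    "corsNotSupportingCredentials"
  );
  response.setHeader("Access-Control-Allow-Origin", "*");
}

/**
 * Answers 200 allowing only the POST method.
 */
function corsMethodNotFound(request, response) {
  response.setStatusLine(request.httpVersion, 200, "corsMethodNotFound");
  response.setHeader("Access-Control-Allow-Origin", "*");
  // Will make the request fail since it is a "PUT".
  response.setHeader("Access-Control-Allow-Methods", "POST");
}

/**
 * Answers 200 with an explicit allowed origin but without an
 * Access-Control-Allow-Credentials header.
 */
function corsMissingAllowCredentials(request, response) {
  response.setStatusLine(
    request.httpVersion,
    200,
    "corsMissingAllowCredentials"
  );
  // Need to set an explicit origin (i.e. not "*") to make the request fail.
  response.setHeader("Access-Control-Allow-Origin", "http://example.com");
}

/**
 * Fails the preflight: an OPTIONS request gets a 500. Any other method leaves
 * the response untouched.
 */
function corsPreflightDidNotSucceed(request, response) {
  const isPreflight = request.method === "OPTIONS";
  if (isPreflight) {
    response.setStatusLine(request.httpVersion, 500, "Preflight fail");
    response.setHeader("Access-Control-Allow-Origin", "*");
  }
}

/**
 * Answers 200 with a malformed Access-Control-Allow-Methods value
 * ("xyz;" - the ";" is not valid in an HTTP token).
 */
function corsInvalidAllowMethod(request, response) {
  response.setStatusLine(request.httpVersion, 200, "corsInvalidAllowMethod");
  response.setHeader("Access-Control-Allow-Origin", "*");
  response.setHeader("Access-Control-Allow-Methods", "xyz;");
}

/**
 * Answers 200 allowing PUT, with a malformed Access-Control-Allow-Headers
 * value ("xyz;" - the ";" is not valid in an HTTP token).
 */
function corsInvalidAllowHeader(request, response) {
  response.setStatusLine(request.httpVersion, 200, "corsInvalidAllowHeader");
  response.setHeader("Access-Control-Allow-Origin", "*");
  response.setHeader("Access-Control-Allow-Methods", "PUT");
  response.setHeader("Access-Control-Allow-Headers", "xyz;");
}

/**
 * Answers 200 allowing PUT but sending no Access-Control-Allow-Headers, so a
 * preflight for a request with a non-safelisted header is not satisfied
 * (presumably the client test sends such a header).
 */
function corsMissingAllowHeaderFromPreflight(request, response) {
  response.setStatusLine(
    request.httpVersion,
    200,
    "corsMissingAllowHeaderFromPreflight"
  );
  response.setHeader("Access-Control-Allow-Origin", "*");
  response.setHeader("Access-Control-Allow-Methods", "PUT");
}

/**
 * Marks the response as non-cacheable so every test run reaches the server
 * instead of reusing a stored response.
 *
 * @param {object} response - Response whose headers can still be set.
 */
function setCacheHeaders(response) {
  for (const [name, value] of CACHE_HEADERS) {
    response.setHeader(name, value);
  }
}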