dump-authorization-header.py (926B)
1 def main(request, response): 2 headers = [(b"Content-Type", "text/html"), 3 (b"Cache-Control", b"no-cache")] 4 5 if (request.GET.first(b"strip_auth_header", False) and request.method == "OPTIONS" and 6 b"authorization" in request.headers.get(b"Access-Control-Request-Headers", b"").lower()): 7 # Auth header should not be sent for preflight after cross-origin redirect. 8 return 500, headers, "fail" 9 10 if b"Origin" in request.headers: 11 headers.append((b"Access-Control-Allow-Origin", request.headers.get(b"Origin", b""))) 12 headers.append((b"Access-Control-Allow-Credentials", b"true")) 13 else: 14 headers.append((b"Access-Control-Allow-Origin", b"*")) 15 headers.append((b"Access-Control-Allow-Headers", b'Authorization')) 16 17 if b"authorization" in request.headers: 18 return 200, headers, request.headers.get(b"Authorization") 19 return 200, headers, "none"