preflight.py (3394B)
1 def main(request, response): 2 headers = [(b"Content-Type", b"text/plain")] 3 stashed_data = {b'control_request_headers': b"", b'preflight': b"0", b'preflight_referrer': b""} 4 5 token = None 6 if b"token" in request.GET: 7 token = request.GET.first(b"token") 8 9 if b"origin" in request.GET: 10 for origin in request.GET[b'origin'].split(b", "): 11 headers.append((b"Access-Control-Allow-Origin", origin)) 12 else: 13 headers.append((b"Access-Control-Allow-Origin", b"*")) 14 15 if b"clear-stash" in request.GET: 16 if request.server.stash.take(token) is not None: 17 return headers, b"1" 18 else: 19 return headers, b"0" 20 21 if b"credentials" in request.GET: 22 headers.append((b"Access-Control-Allow-Credentials", b"true")) 23 24 if request.method == u"OPTIONS": 25 if not b"Access-Control-Request-Method" in request.headers: 26 response.set_error(400, u"No Access-Control-Request-Method header") 27 return b"ERROR: No access-control-request-method in preflight!" 28 29 if request.headers.get(b"Accept", b"") != b"*/*": 30 response.set_error(400, u"Request does not have 'Accept: */*' header") 31 return b"ERROR: Invalid access in preflight!" 32 33 if b"control_request_headers" in request.GET: 34 stashed_data[b'control_request_headers'] = request.headers.get(b"Access-Control-Request-Headers", None) 35 36 if b"max_age" in request.GET: 37 headers.append((b"Access-Control-Max-Age", request.GET[b'max_age'])) 38 39 if b"allow_headers" in request.GET: 40 headers.append((b"Access-Control-Allow-Headers", request.GET[b'allow_headers'])) 41 42 if b"allow_methods" in request.GET: 43 headers.append((b"Access-Control-Allow-Methods", request.GET[b'allow_methods'])) 44 45 preflight_status = 200 46 if b"preflight_status" in request.GET: 47 preflight_status = int(request.GET.first(b"preflight_status")) 48 49 stashed_data[b'preflight'] = b"1" 50 stashed_data[b'preflight_referrer'] = request.headers.get(b"Referer", b"") 51 stashed_data[b'preflight_user_agent'] = request.headers.get(b"User-Agent", b"") 52 if token: 53 request.server.stash.put(token, stashed_data) 54 55 return preflight_status, headers, b"" 56 57 58 if token: 59 data = request.server.stash.take(token) 60 if data: 61 stashed_data = data 62 63 if b"checkUserAgentHeaderInPreflight" in request.GET and request.headers.get(b"User-Agent") != stashed_data[b'preflight_user_agent']: 64 return 400, headers, b"ERROR: No user-agent header in preflight" 65 66 #use x-* headers for returning value to bodyless responses 67 headers.append((b"Access-Control-Expose-Headers", b"x-did-preflight, x-control-request-headers, x-referrer, x-preflight-referrer, x-origin")) 68 headers.append((b"x-did-preflight", stashed_data[b'preflight'])) 69 if stashed_data[b'control_request_headers'] != None: 70 headers.append((b"x-control-request-headers", stashed_data[b'control_request_headers'])) 71 headers.append((b"x-preflight-referrer", stashed_data[b'preflight_referrer'])) 72 headers.append((b"x-referrer", request.headers.get(b"Referer", b""))) 73 headers.append((b"x-origin", request.headers.get(b"Origin", b""))) 74 75 if token: 76 request.server.stash.put(token, stashed_data) 77 78 return headers, b""