trusted-origins.py (2054B)
1 import json 2 3 SUBDOMAIN_TUPLE_TO_ALLOWED_ORIGINS_MAP = { 4 ("", "web-platform"): [], 5 ("www", "web-platform"): [ 6 { 7 "scriptOrigin": "https://web-platform.test", 8 "contextOrigin": ["https://web-platform.test"], 9 }, 10 { 11 "scriptOrigin": "https://www.web-platform.test", 12 "contextOrigin": "*", 13 }, 14 ], 15 ("www1", "web-platform"): [ 16 { 17 "scriptOrigin": [ 18 "https://google.com", 19 "https://web-platform.test", 20 ], 21 "contextOrigin": "https://web-platform.test", 22 }, 23 { 24 "scriptOrigin": "https://www.web-platform.test", 25 "contextOrigin": ["*"], 26 }, 27 ], 28 ("www2", "web-platform"): [], 29 ("", "not-web-platform"): [], 30 ("www", "not-web-platform"): [], 31 ("www1", "not-web-platform"): [], 32 ("www2", "not-web-platform"): [], 33 } 34 35 def get_host(request): 36 return request.url_parts.netloc.split(":")[0] 37 38 def get_port(request): 39 if len(request.url_parts.netloc.split(":")) > 1: 40 return request.url_parts.netloc.split(":")[1] 41 return 0 42 43 def get_subdomain_tuple(request): 44 host = get_host(request) 45 host_list = host.split(".") 46 if len(host_list) == 0 or len(host_list) > 3: 47 raise ValueError("Invalid host " + host) 48 if len(host_list) == 1: 49 return ("", host_list[0]) 50 return (host_list[0], host_list[1]) 51 52 def get_allowed_origins(request): 53 subdomain_tuple = get_subdomain_tuple(request) 54 origin_list = SUBDOMAIN_TUPLE_TO_ALLOWED_ORIGINS_MAP[subdomain_tuple] 55 origins_string = json.dumps(origin_list) 56 test_with_port = ".test:" + str(get_port(request)) 57 origins_with_ports = origins_string.replace(".test", test_with_port) 58 return origins_with_ports 59 60 def get_json(request, response): 61 response.status = (200, b"OK") 62 response.headers.set(b"Content-Type", b"application/json") 63 response.headers.set(b"Access-Control-Allow-Origin", b"*") 64 response.content = get_allowed_origins(request)