referrer-checker.py (1167B)
1 # Returns a valid response when request's |referrer| matches 2 # |expected_referrer|. 3 def main(request, response): 4 # We want |referrer| to be the referrer header with no query params, 5 # because |expected_referrer| will not contain any query params, and 6 # thus cannot be compared with the actual referrer header if it were to 7 # contain query params. This works fine if the actual referrer has no 8 # query params too. 9 referrer = request.headers.get(b"referer", b"").split(b"?")[0] 10 referrer_policy = request.GET.first(b"referrer_policy") 11 expected_referrer = request.GET.first(b"expected_referrer", b"") 12 response_headers = [(b"Content-Type", b"text/javascript"), 13 (b"Access-Control-Allow-Origin", b"*")] 14 15 if referrer_policy == b"no-referrer" or referrer_policy == b"origin": 16 if referrer == expected_referrer: 17 return (200, response_headers, u"") 18 return (404, response_headers) 19 20 if referrer_policy == b"same-origin": 21 if referrer == expected_referrer: 22 return (200, response_headers, u"") 23 return (404, response_headers) 24 return (404, response_headers)