access-control-basic-preflight-cache-invalidation.py (1863B)
1 from wptserve.utils import isomorphic_encode 2 3 def main(request, response): 4 def fail(message): 5 response.content = b"FAIL " + isomorphic_encode(request.method) + b": " + message 6 7 def getState(token): 8 server_state = request.server.stash.take(token) 9 if not server_state: 10 return b"Uninitialized" 11 return server_state 12 13 def setState(state, token): 14 request.server.stash.put(token, state) 15 16 response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"origin")) 17 response.headers.set(b"Access-Control-Allow-Credentials", b"true") 18 token = request.GET.first(b"token", None) 19 state = getState(token) 20 21 if state == b"Uninitialized": 22 if request.method == u"OPTIONS": 23 response.headers.set(b"Access-Control-Allow-Methods", b"PUT") 24 response.headers.set(b"Access-Control-Max-Age", 10) 25 setState(b"OPTIONSSent", token) 26 else: 27 fail(state) 28 elif state == b"OPTIONSSent": 29 if request.method == u"PUT": 30 response.content = b"PASS: First PUT request." 31 setState(b"FirstPUTSent", token) 32 else: 33 fail(state) 34 elif state == b"FirstPUTSent": 35 if request.method == u"OPTIONS": 36 response.headers.set(b"Access-Control-Allow-Methods", b"PUT, XMETHOD") 37 response.headers.set(b"Access-Control-Allow-Headers", b"x-test") 38 setState(b"SecondOPTIONSSent", token) 39 elif request.method == u"PUT": 40 fail(b"Second PUT request sent without preflight") 41 else: 42 fail(state) 43 elif state == b"SecondOPTIONSSent": 44 if request.method == u"PUT" or request.method == u"XMETHOD": 45 response.content = b"PASS: Second OPTIONS request was sent." 46 else: 47 fail(state) 48 else: 49 fail(state)