access-control-basic-preflight-cache-timeout.py (1898B)
1 from wptserve.utils import isomorphic_encode 2 3 def main(request, response): 4 def fail(message): 5 response.content = b"FAIL " + isomorphic_encode(request.method) + b": " + message 6 7 def getState(token): 8 server_state = request.server.stash.take(token) 9 if not server_state: 10 return b"Uninitialized" 11 return server_state 12 13 def setState(state, token): 14 request.server.stash.put(token, state) 15 16 response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"origin")) 17 response.headers.set(b"Access-Control-Allow-Credentials", b"true") 18 token = request.GET.first(b"token", None) 19 state = getState(token) 20 21 if state == b"Uninitialized": 22 if request.method == u"OPTIONS": 23 response.headers.set(b"Access-Control-Allow-Methods", b"PUT") 24 response.headers.set(b"Access-Control-Allow-Headers", b"x-test") 25 response.headers.set(b"Access-Control-Max-Age", 1) 26 setState(b"OPTIONSSent", token) 27 else: 28 fail(state) 29 elif state == b"OPTIONSSent": 30 if request.method == u"PUT": 31 response.content = b"PASS: First PUT request." 32 setState(b"FirstPUTSent", token) 33 else: 34 fail(state) 35 elif state == b"FirstPUTSent": 36 if request.method == u"OPTIONS": 37 response.headers.set(b"Access-Control-Allow-Methods", b"PUT") 38 response.headers.set(b"Access-Control-Allow-Headers", b"x-test") 39 setState(b"SecondOPTIONSSent", token) 40 elif request.method == u"PUT": 41 fail(b"Second PUT request sent without preflight") 42 else: 43 fail(state) 44 elif state == b"SecondOPTIONSSent": 45 if request.method == u"PUT": 46 response.content = b"PASS: Second OPTIONS request was sent." 47 else: 48 fail(state) 49 else: 50 fail(state)