access-control-preflight-denied.py (1636B)
def main(request, response):
    """Drive the per-token state machine behind the "preflight denied" test.

    Every response gets ``Cache-Control: no-store``, an
    ``Access-Control-Allow-Origin`` that echoes the request's ``Origin``
    header, and ``Access-Control-Max-Age: 1``. This handler never sets
    ``Access-Control-Allow-Methods`` or ``Access-Control-Allow-Headers``.

    State is kept in the server stash under the ``token`` query parameter:

    * ``command=reset`` + GET clears the state; any other method is a 400.
    * Uninitialized + OPTIONS records ``Denied``; any other method is a 400.
    * Denied + GET with ``command=complete`` clears the state and reports
      success; anything else records ``Deny Ignored`` and is a 400.
    * ``Deny Ignored`` or an unrecognised state is cleared and is a 400.

    NOTE(review): the Origin header is reflected without validation and the
    token is passed to the stash unchecked (``None`` when the parameter is
    absent; what the stash does with that is not visible here). That is
    tolerable for a test fixture; a production endpoint should check the
    origin against an allow-list before echoing it.
    """

    def reject(reason):
        # Report a state-machine violation to the client as a 400.
        response.content = b"FAIL: " + reason
        response.status = 400

    def store(key, value):
        request.server.stash.put(key, value)

    def clear(key):
        # b"" is falsy, so the next read of this token sees "Uninitialized".
        store(key, b"")

    headers = response.headers
    headers.set(b"Cache-Control", b"no-store")
    headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"origin"))
    headers.set(b"Access-Control-Max-Age", 1)

    token = request.GET.first(b"token", None)
    # take() removes the stored value, so every branch below that wants the
    # state to persist has to write it back explicitly.
    state = request.server.stash.take(token) or b"Uninitialized"
    command = request.GET.first(b"command", None)
    method = request.method

    if command == b"reset":
        if method != u"GET":
            reject(b"Invalid Method.")
            return
        clear(token)
        response.content = b"Server state reset"
        return

    if state == b"Uninitialized":
        if method != u"OPTIONS":
            reject(state)
            return
        response.content = b"This request should not be displayed."
        store(token, b"Denied")
        return

    if state == b"Denied":
        if method == u"GET" and command == b"complete":
            clear(token)
            response.content = b"Request successfully blocked."
        else:
            # A request arrived although the OPTIONS request was answered
            # without any allow-methods/allow-headers grant.
            store(token, b"Deny Ignored")
            reject(b"The request was not denied.")
        return

    # Remaining cases: a previously recorded "Deny Ignored", or a value this
    # handler never wrote. Both clear the slot and fail.
    clear(token)
    reject(state if state == b"Deny Ignored" else b"Unknown Error.")