no-custom-header-on-preflight.py (981B)
1 def main(request, response): 2 def getState(token): 3 server_state = request.server.stash.take(token) 4 if not server_state: 5 return b"Uninitialized" 6 return server_state 7 8 def setState(state, token): 9 request.server.stash.put(token, state) 10 11 response.headers.set(b"Access-Control-Allow-Origin", b"*") 12 response.headers.set(b"Access-Control-Allow-Headers", b"x-test") 13 response.headers.set(b"Access-Control-Max-Age", 0) 14 token = request.GET.first(b"token", None) 15 16 if request.method == u"OPTIONS": 17 if request.headers.get(b"x-test"): 18 response.content = b"FAIL: Invalid header in preflight request." 19 response.status = 400 20 else: 21 setState(b"PASS", token) 22 else: 23 if request.headers.get(b"x-test"): 24 response.content = getState(token) 25 else: 26 response.content = b"FAIL: X-Test header missing in request" 27 response.status = 400