24 lines
1.1 KiB
Python
24 lines
1.1 KiB
Python
# Returns a valid response when request's |referrer| matches
|
|
# |expected_referrer|.
|
|
def main(request, response):
|
|
# We want |referrer| to be the referrer header with no query params,
|
|
# because |expected_referrer| will not contain any query params, and
|
|
# thus cannot be compared with the actual referrer header if it were to
|
|
# contain query params. This works fine if the actual referrer has no
|
|
# query params too.
|
|
referrer = request.headers.get(b"referer", b"").split(b"?")[0]
|
|
referrer_policy = request.GET.first(b"referrer_policy")
|
|
expected_referrer = request.GET.first(b"expected_referrer", b"")
|
|
response_headers = [(b"Content-Type", b"text/javascript"),
|
|
(b"Access-Control-Allow-Origin", b"*")]
|
|
|
|
if referrer_policy == b"no-referrer" or referrer_policy == b"origin":
|
|
if referrer == expected_referrer:
|
|
return (200, response_headers, u"")
|
|
return (404, response_headers)
|
|
|
|
if referrer_policy == b"same-origin":
|
|
if referrer == expected_referrer:
|
|
return (200, response_headers, u"")
|
|
return (404, response_headers)
|
|
return (404, response_headers)
|