1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
function handleRequest(request, response) {
var query = {};
request.queryString.split("&").forEach(function (val) {
var [name, value] = val.split("=");
query[name] = unescape(value);
});
if ("setState" in query) {
setState(
"test/dom/security/test_CrossSiteXHR_cache:secData",
query.setState
);
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "text/plain", false);
response.write("hi");
return;
}
var isPreflight = request.method == "OPTIONS";
// Send response
secData = JSON.parse(
getState("test/dom/security/test_CrossSiteXHR_cache:secData")
);
if (secData.allowOrigin) {
response.setHeader("Access-Control-Allow-Origin", secData.allowOrigin);
}
if (secData.withCred) {
response.setHeader("Access-Control-Allow-Credentials", "true");
}
if (isPreflight) {
if (secData.allowHeaders) {
response.setHeader("Access-Control-Allow-Headers", secData.allowHeaders);
}
if (secData.allowMethods) {
response.setHeader("Access-Control-Allow-Methods", secData.allowMethods);
}
if (secData.cacheTime) {
response.setHeader(
"Access-Control-Max-Age",
secData.cacheTime.toString()
);
}
return;
}
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "application/xml", false);
response.write("<res>hello pass</res>\n");
}
|