path: root/src/civetweb/test/cors.reply.lua
-- http://www.html5rocks.com/static/images/cors_server_flowchart.png

-- A request without an Origin header is not a CORS request: answer with a
-- short hint and stop. The header name is tried under two spellings
-- ("Origin" and "origin").
local cors_headers = mg.request_info.http_headers
if not (cors_headers.Origin or cors_headers.origin) then
  for _, chunk in ipairs({
    "HTTP/1.0 200 OK\r\n",
    "Connection: close\r\n",
    "Content-Type: text/html; charset=utf-8\r\n",
    "\r\n",
    "This test page should not be used directly. Open cors.html instead.",
  }) do
    mg.write(chunk)
  end
  return
end

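if mg.request_info.request_method == "OPTIONS" then

  -- Note: This is a test example showing how a script can answer a CORS
  -- preflight request itself. The server is now able to handle preflight
  -- requests on its own, so scripts no longer need to do this, unless
  -- that has been disabled in the server by setting the
  -- access_control_allow_methods configuration parameter to an empty
  -- string.

  -- Try the canonical and the all-lowercase spelling of the header name,
  -- the same way the Origin check at the top of this script does.
  local req_headers = mg.request_info.http_headers
  local acrm = req_headers['Access-Control-Request-Method']
    or req_headers['access-control-request-method']

  if acrm then
    if acrm ~= 'PUT' then
      -- invalid request: PUT is the only method offered to preflights,
      -- so anything else is refused.
      mg.write("HTTP/1.0 403 Forbidden\r\n")
      mg.write("Connection: close\r\n")
      mg.write("\r\n")
      return
    end

    -- preflight request for PUT
    mg.write("HTTP/1.0 200 OK\r\n")
    mg.write("Access-Control-Allow-Methods: PUT\r\n")
    -- No Access-Control-Allow-Headers line is sent. The earlier version
    -- kept a disabled (always nil) lookup here, so the echo branch could
    -- never run. If header negotiation is added, read
    -- 'Access-Control-Request-Headers' (plural) and answer from a fixed
    -- allowlist instead of copying the client's value into the response.
    --
    -- The wildcard origin is fine for this static test reply; it is not
    -- a pattern for endpoints that return user-specific data.
    mg.write("Access-Control-Allow-Origin: *\r\n")
    mg.write("Connection: close\r\n")
    mg.write("Content-Type: text/html; charset=utf-8\r\n")
    mg.write("\r\n")
    return
  end

  -- OPTIONS without Access-Control-Request-Method is not a preflight;
  -- execution continues with the method checks below.
end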


-- actual request
if mg.request_info.request_method == "GET" then
  -- Cross-origin GET: send the status line and headers one write at a
  -- time, then the fixed HTML body. The wildcard Allow-Origin makes this
  -- static test reply readable from any origin.
  local get_head = {
    "HTTP/1.0 200 OK\r\n",
    "Access-Control-Allow-Origin: *\r\n",
    "Connection: close\r\n",
    "Content-Type: text/html; charset=utf-8\r\n",
    "\r\n",
  }
  for i = 1, #get_head do
    mg.write(get_head[i])
  end

  mg.write([[<!DOCTYPE html>
  <html>
  <head><title>CORS dynamic GET test reply - test OK</title></head>
  <body>This should never be shown</body>
  </html>
  ]])
  return
end


if mg.request_info.request_method == "PUT" then
  -- Cross-origin PUT (the method the preflight handler above allows):
  -- send the status line and headers one write at a time, then the
  -- fixed HTML body. The wildcard Allow-Origin makes this static test
  -- reply readable from any origin.
  local put_head = {
    "HTTP/1.0 200 OK\r\n",
    "Access-Control-Allow-Origin: *\r\n",
    "Connection: close\r\n",
    "Content-Type: text/html; charset=utf-8\r\n",
    "\r\n",
  }
  for i = 1, #put_head do
    mg.write(put_head[i])
  end

  mg.write([[<!DOCTYPE html>
  <html>
  <head><title>CORS dynamic PUT test reply - test OK</title></head>
  <body>This should never be shown</body>
  </html>
  ]])
  return
end

-- other HTTP method
-- Nothing above matched: refuse the request. No CORS headers are sent
-- on this path.
for _, chunk in ipairs({
  "HTTP/1.0 403 Forbidden\r\n",
  "Connection: close\r\n",
  "\r\n",
}) do
  mg.write(chunk)
end