# Returns a valid response when a request has appropriate credentials.
def main(request, response):
    cookie = request.cookies.first(b"cookieName", None)
    expected_value = request.GET.first(b"value", None)
    source_origin = request.headers.get(b"origin", None)
    if source_origin is None:
        # Same origin GET won't include origin header
        source_origin = "%s://%s" % (request.url_parts.scheme,
                                     request.url_parts.netloc)
        if request.url_parts.port:
            source_origin += ":%s" % request.url_parts.port

    response_headers = [(b"Content-Type", b"text/javascript"),
                        (b"Access-Control-Allow-Origin", source_origin),
                        (b"Access-Control-Allow-Credentials", b"true")]

    if cookie == expected_value:
        return (200, response_headers, u"")

    return (404, response_headers, u"")