Home Explore Help
Register Sign In
PSG
/
civetweb
mirror of https://github.com/civetweb/civetweb.git
5
0
Fork 0
Files Issues 0 Wiki
Browse Source

Full CORS support for dynamic resources

bel 11 years ago
parent
b640ffecda
commit
1e3d8ff8ca
2 changed files with 76 additions and 1 deletions
Unified View Show Diff Stats
  1. 3 1
      test/cors.html
  2. 73 0
      test/cors.reply.lua

+ 3 - 1
test/cors.html
View File 

@@ -66,7 +66,9 @@ function start() {
 
 <body onload="start()">

 <body onload="start()">

  <h1>Cross-origin resource sharing test</h1>

  <h1>Cross-origin resource sharing test</h1>

  <p id="from">*** Error: Javascript is not activated. This test will not work. ***</p>

  <p id="from">*** Error: Javascript is not activated. This test will not work. ***</p>

- <button onclick="makeCorsRequest('GET', 'html')">Run CORS GET request</button>

+ <button onclick="makeCorsRequest('GET', 'html')">Run CORS GET request (static resource)</button>

+ <button onclick="makeCorsRequest('GET', 'lua/getit')">Run CORS GET request (dynamic resource)</button>

+ <button onclick="makeCorsRequest('PUT', 'lua/putit')">Run CORS PUT request (dynamic resource)</button>

  <p>More information on CORS: See <a href="http://enable-cors.org/">enable-cors.org</a> and <a href="http://www.html5rocks.com/en/tutorials/cors/">html5rocks.com</a>.</p>

  <p>More information on CORS: See <a href="http://enable-cors.org/">enable-cors.org</a> and <a href="http://www.html5rocks.com/en/tutorials/cors/">html5rocks.com</a>.</p>

 </body>

 </body>

 </html>

 </html>

+ 73 - 0
test/cors.reply.lua
View File 

@@ -0,0 +1,73 @@
 
+-- http://www.html5rocks.com/static/images/cors_server_flowchart.png

+

+if not mg.request_info.http_headers.Origin then

+  mg.write("HTTP/1.0 200 OK\r\n")

+  mg.write("Connection: close\r\n")

+  mg.write("Content-Type: text/html; charset=utf-8\r\n")

+  mg.write("\r\n")

+  mg.write("This test page should not be used directly. Open cors.html instead.")

+  return

+end

+

+if mg.request_info.request_method == "OPTIONS" then

+

+  local acrm = mg.request_info.http_headers['Access-Control-Request-Method'];

+  if (acrm) then

+    local acrh = nil -- mg.request_info.http_headers['Access-Control-Request-Header'];

+    if (acrm~='PUT') then

+      -- invalid request

+      mg.write("HTTP/1.0 403 Forbidden\r\n")

+      mg.write("Connection: close\r\n")

+      mg.write("\r\n")

+      return

+    else

+      -- preflight request

+      mg.write("HTTP/1.0 200 OK\r\n")

+      mg.write("Access-Control-Allow-Methods: PUT\r\n")

+      if (acrh) then

+        mg.write("Access-Control-Allow-Headers: " .. acrh .. "\r\n")

+      end

+      mg.write("Access-Control-Allow-Origin: *\r\n")

+      mg.write("Connection: close\r\n")

+      mg.write("Content-Type: text/html; charset=utf-8\r\n")

+      mg.write("\r\n")

+      return

+    end

+  end

+end

+

+-- actual request

+if mg.request_info.request_method == "GET" then

+  mg.write("HTTP/1.0 200 OK\r\n")

+  mg.write("Access-Control-Allow-Origin: *\r\n")

+  mg.write("Connection: close\r\n")

+  mg.write("Content-Type: text/html; charset=utf-8\r\n")

+  mg.write("\r\n")

+  mg.write([[<!DOCTYPE html>

+  <html>

+  <head><title>CORS dynamic GET test reply - test OK</title></head>

+  <body>This should never be shown</body>

+  </html>

+  ]])

+  return

+end

+

+

+if mg.request_info.request_method == "PUT" then

+  mg.write("HTTP/1.0 200 OK\r\n")

+  mg.write("Access-Control-Allow-Origin: *\r\n")

+  mg.write("Connection: close\r\n")

+  mg.write("Content-Type: text/html; charset=utf-8\r\n")

+  mg.write("\r\n")

+  mg.write([[<!DOCTYPE html>

+  <html>

+  <head><title>CORS dynamic PUT test reply - test OK</title></head>

+  <body>This should never be shown</body>

+  </html>

+  ]])

+  return

+end

+

+mg.write("HTTP/1.0 403 Forbidden\r\n")

+mg.write("Connection: close\r\n")

+mg.write("\r\n")