File: preflight.py

package info (click to toggle)
thunderbird 1%3A60.9.0-1~deb10u1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 2,339,424 kB
  • sloc: cpp: 5,457,040; ansic: 2,360,385; python: 596,167; asm: 340,963; java: 326,296; xml: 258,830; sh: 84,445; makefile: 23,701; perl: 17,317; objc: 3,768; yacc: 1,766; ada: 1,681; lex: 1,364; pascal: 1,264; cs: 879; exp: 527; php: 436; lisp: 258; ruby: 153; awk: 152; sed: 53; csh: 27
file content (70 lines) | stat: -rw-r--r-- 2,830 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
def main(request, response):
    headers = [("Content-Type", "text/plain")]
    stashed_data = {'control_request_headers': "", 'preflight': "0", 'preflight_referrer': ""}

    token = None
    if "token" in request.GET:
        token = request.GET.first("token")

    if "origin" in request.GET:
        for origin in request.GET['origin'].split(", "):
            headers.append(("Access-Control-Allow-Origin", origin))
    else:
        headers.append(("Access-Control-Allow-Origin", "*"))

    if "clear-stash" in request.GET:
        if request.server.stash.take(token) is not None:
            return headers, "1"
        else:
            return headers, "0"

    if "credentials" in request.GET:
        headers.append(("Access-Control-Allow-Credentials", "true"))

    if request.method == "OPTIONS":
        if not "Access-Control-Request-Method" in request.headers:
            response.set_error(400, "No Access-Control-Request-Method header")
            return "ERROR: No access-control-request-method in preflight!"

        if "control_request_headers" in request.GET:
            stashed_data['control_request_headers'] = request.headers.get("Access-Control-Request-Headers", None)

        if "max_age" in request.GET:
            headers.append(("Access-Control-Max-Age", request.GET['max_age']))

        if "allow_headers" in request.GET:
            headers.append(("Access-Control-Allow-Headers", request.GET['allow_headers']))

        if "allow_methods" in request.GET:
            headers.append(("Access-Control-Allow-Methods", request.GET['allow_methods']))

        preflight_status = 200
        if "preflight_status" in request.GET:
            preflight_status = int(request.GET.first("preflight_status"))

        stashed_data['preflight'] = "1"
        stashed_data['preflight_referrer'] = request.headers.get("Referer", "")
        if token:
            request.server.stash.put(token, stashed_data)

        return preflight_status, headers, ""


    if token:
        data = request.server.stash.take(token)
        if data:
            stashed_data = data

    #use x-* headers for returning value to bodyless responses
    headers.append(("Access-Control-Expose-Headers", "x-did-preflight, x-control-request-headers, x-referrer, x-preflight-referrer, x-origin"))
    headers.append(("x-did-preflight", stashed_data['preflight']))
    if stashed_data['control_request_headers'] != None:
      headers.append(("x-control-request-headers", stashed_data['control_request_headers']))
    headers.append(("x-preflight-referrer", stashed_data['preflight_referrer']))
    headers.append(("x-referrer", request.headers.get("Referer", "") ))
    headers.append(("x-origin", request.headers.get("Origin", "") ))

    if token:
      request.server.stash.put(token, stashed_data)

    return headers, ""