def main(request, response): | |
response.headers.set(b"Cache-Control", b"no-store") | |
# Allow simple requests, but deny preflight | |
if request.method != u"OPTIONS": | |
if b"origin" in request.headers: | |
response.headers.set(b"Access-Control-Allow-Credentials", b"true") | |
response.headers.set(b"Access-Control-Allow-Origin", request.headers[b"origin"]) | |
else: | |
response.status = 500 | |
else: | |
response.status = 400 |