| def main(request, response): | |
| def fail(message): | |
| response.content = "FAIL " + request.method + ": " + str(message) | |
| def getState(token): | |
| server_state = request.server.stash.take(token) | |
| if not server_state: | |
| return "Uninitialized" | |
| return server_state | |
| def setState(state, token): | |
| request.server.stash.put(token, state) | |
| response.headers.set("Access-Control-Allow-Origin", request.headers.get("origin")) | |
| response.headers.set("Access-Control-Allow-Credentials", "true") | |
| token = request.GET.first("token", None) | |
| state = getState(token) | |
| if state == "Uninitialized": | |
| if request.method == "OPTIONS": | |
| response.headers.set("Access-Control-Allow-Methods", "PUT") | |
| response.headers.set("Access-Control-Max-Age", 10) | |
| setState("OPTIONSSent", token) | |
| else: | |
| fail(state) | |
| elif state == "OPTIONSSent": | |
| if request.method == "PUT": | |
| response.content = "PASS: First PUT request." | |
| setState("FirstPUTSent", token) | |
| else: | |
| fail(state) | |
| elif state == "FirstPUTSent": | |
| if request.method == "OPTIONS": | |
| response.headers.set("Access-Control-Allow-Methods", "PUT, XMETHOD") | |
| response.headers.set("Access-Control-Allow-Headers", "x-test") | |
| setState("SecondOPTIONSSent", token) | |
| elif request.method == "PUT": | |
| fail("Second PUT request sent without preflight") | |
| else: | |
| fail(state) | |
| elif state == "SecondOPTIONSSent": | |
| if request.method == "PUT" or request.method == "XMETHOD": | |
| response.content = "PASS: Second OPTIONS request was sent." | |
| else: | |
| fail(state) | |
| else: | |
| fail(state) |