Index: third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/preflight.php |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/preflight.php b/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/preflight.php |
new file mode 100644 |
index 0000000000000000000000000000000000000000..68b4def95c406ce72b1dfd4230bae2fc160b12b0 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/preflight.php |
@@ -0,0 +1,58 @@ |
+<?PHP |
+// |
+// OPTIONS |
+// |
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { |
+ // |
+ // FAIL |
+ // |
+ if ($_GET['preflight'] == "fail-with-500") { |
+ header("HTTP/1.1 500"); |
+ exit; |
+ } |
+ if ($_GET['preflight'] == "fail-without-allow") { |
+ header("HTTP/1.1 200"); |
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}"); |
+ header("Access-Control-Allow-Methods: GET"); |
+ exit; |
+ } |
+ |
+ // |
+ // PASS |
+ // |
+ if ($_GET['preflight'] == "pass") { |
+ header("HTTP/1.1 200"); |
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}"); |
+ header("Access-Control-Allow-Methods: GET"); |
+ header("Access-Control-Allow-External: true"); |
+ exit; |
+ } |
+} |
+ |
+// |
+// GET |
+// |
+if ($_SERVER['REQUEST_METHOD'] == 'GET') { |
+ header("HTTP/1.1 200"); |
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}"); |
+ |
+ $arr = array('jsonpResult' => 'success', |
+ 'method' => $_SERVER['REQUEST_METHOD'], |
+ 'headers' => getallheaders()); |
+ $result = json_encode($arr); |
+ |
+ if ($_GET['out'] == "img") { |
+ header('Content-Type: image/png'); |
+ $fn = fopen("abe.png", "r"); |
+ fpassthru($fn); |
+ fclose($fn); |
+ exit; |
+ } else if ($_GET['out'] == "frame") { |
+ echo "<script>window.top.postMessage(${result}, '*');</script>"; |
+ } else { |
+ header('Content-Type: application/json'); |
+ echo $result; |
+ } |
+} |
+ |
+?> |