| OLD | NEW |
|---|
| 1 <?php | 1 <?php |
| 2 header('X-ServiceWorker-ServerHeader: SetInTheServer'); | 2 header('X-ServiceWorker-ServerHeader: SetInTheServer'); |
| 3 | 3 |
| 4 $prefix = ''; | 4 $prefix = ''; |
| 5 // If PreflightTest is set: | 5 // If PreflightTest is set: |
| 6 // - Use PACAOrign, PACAHeaders, PACAMethods, PACACredentials, PACEHeaders, | 6 // - Use PACAOrign, PACAHeaders, PACAMethods, PACACredentials, PACEHeaders, |
| 7 // PAuth, PAuthFail and PSetCookie* parameters in preflight. | 7 // PAuth, PAuthFail and PSetCookie* parameters in preflight. |
| 8 // - Use $_GET['PreflightTest'] as HTTP status code. | 8 // - Use $_GET['PreflightTest'] as HTTP status code. |
| 9 // - Check Access-Control-Request-Method/Headers headers with | 9 // - Check Access-Control-Request-Method/Headers headers with |
| 10 // PACRMethod/Headers parameter, if set, in preflight. | 10 // PACRMethod/Headers parameter, if set, in preflight. |
| 11 // The special value 'missing' for PACRHeaders can be used to |
| 12 // test for the absence of ACRHeaders on the preflight request. |
| 11 if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && isset($_GET['PreflightTest'])) { | 13 if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && isset($_GET['PreflightTest'])) { |
| 12 $prefix = 'P'; | 14 $prefix = 'P'; |
| 13 | 15 |
| 14 if (isset($_GET['PACRMethod']) && | 16 if (isset($_GET['PACRMethod']) && |
| 15 $_GET['PACRMethod'] != | 17 $_GET['PACRMethod'] != |
| 16 $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) { | 18 $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) { |
| 17 header("HTTP/1.1 400"); | 19 header("HTTP/1.1 400"); |
| 18 exit; | 20 exit; |
| 19 } | 21 } |
| 20 if (isset($_GET['PACRHeaders']) && | 22 if (isset($_GET['PACRHeaders'])) { |
| 21 $_GET['PACRHeaders'] != | 23 if ($_GET['PACRHeaders'] == 'missing') { |
| 22 $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']) { | 24 if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) { |
| 23 header("HTTP/1.1 400"); | 25 header("HTTP/1.1 400"); |
| 24 exit; | 26 exit; |
| 27 } |
| 28 } else if ($_GET['PACRHeaders'] != |
| 29 $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']) { |
| 30 header("HTTP/1.1 400"); |
| 31 exit; |
| 32 } |
| 25 } | 33 } |
| 26 // Preflight must not include Cookie headers. | 34 // Preflight must not include Cookie headers. |
| 27 if (isset($_SERVER['HTTP_COOKIE'])) { | 35 if (isset($_SERVER['HTTP_COOKIE'])) { |
| 28 header("HTTP/1.1 400"); | 36 header("HTTP/1.1 400"); |
| 29 exit; | 37 exit; |
| 30 } | 38 } |
| 31 header("HTTP/1.1 {$_GET['PreflightTest']}"); | 39 header("HTTP/1.1 {$_GET['PreflightTest']}"); |
| 32 } | 40 } |
| 33 | 41 |
| 34 if (isset($_GET[$prefix . 'ACAOrigin'])) { | 42 if (isset($_GET[$prefix . 'ACAOrigin'])) { |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 'headers' => getallheaders(), | 110 'headers' => getallheaders(), |
| 103 'body' => file_get_contents('php://input'), | 111 'body' => file_get_contents('php://input'), |
| 104 'files' => $files, | 112 'files' => $files, |
| 105 'get' => $_GET, | 113 'get' => $_GET, |
| 106 'post' => $_POST, | 114 'post' => $_POST, |
| 107 'username' => $username, | 115 'username' => $username, |
| 108 'password' => $password, | 116 'password' => $password, |
| 109 'cookie' => $cookie); | 117 'cookie' => $cookie); |
| 110 $json = json_encode($arr); | 118 $json = json_encode($arr); |
| 111 echo "report( $json );"; | 119 echo "report( $json );"; |
| 112 ?> | 120 ?> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2633423003:
Leave out empty-valued Access-Control-Request-Headers: on preflights. (Closed)
