mirror of
https://github.com/servo/servo.git
synced 2025-07-22 23:03:42 +01:00
30 lines
1.3 KiB
Python
30 lines
1.3 KiB
Python
# Returns a valid response when request's |referrer| matches |referrer_policy|.
|
|
def main(request, response):
|
|
referrer = request.headers.get("referer", None)
|
|
referrer_policy = request.GET.first("referrer_policy")
|
|
source_origin = request.GET.first("source_origin")
|
|
is_cross_origin = request.GET.first("is_cross_origin", False)
|
|
|
|
response_headers = [("Content-Type", "text/javascript"),
|
|
("Access-Control-Allow-Origin", source_origin)];
|
|
|
|
# When the referrer policy is "no-referrer", the referrer header shouldn't
|
|
# be sent.
|
|
if referrer_policy == "no-referrer" and not referrer:
|
|
return (200, response_headers, "")
|
|
|
|
# When the referrer policy is "origin", the referrer header should contain
|
|
# only the origin. Note that |referrer| contains a trailing slash, while
|
|
# |source_origin| doesn't.
|
|
if referrer_policy == "origin" and referrer == source_origin + "/":
|
|
return (200, response_headers, "")
|
|
|
|
# When the referrer policy is "same-origin", the referrer header should be
|
|
# sent only for a same-origin request.
|
|
if referrer_policy == "same-origin":
|
|
if is_cross_origin and not referrer:
|
|
return (200, response_headers, "")
|
|
if not is_cross_origin and referrer:
|
|
return (200, response_headers, "")
|
|
|
|
return (404)
|