| # Returns a valid response when a request has appropriate credentials. |
| def main(request, response): |
| credentials_mode = request.GET.first("mode") |
| cookie = request.cookies.first("cookieName", None) |
| source_origin = request.headers.get("origin", None); |
| is_cross_origin = request.GET.first("is_cross_origin", False) |
| |
| # The request with the default WorkletOptions should not include the cookie. |
| if credentials_mode is "default" and cookie is not None: |
| return (404) |
| |
| # The request with "credentials=omit" should not include the cookie. |
| if credentials_mode is "omit" and cookie is not None: |
| return (404) |
| |
| if credentials_mode is "same-origin": |
| # The cross-origin request with "credentials=same-origin" should not |
| # include the cookie. |
| if is_cross_origin and cookie is not None: |
| return (404) |
| # The same-origin request with "credentials=same-origin" should include |
| # the cookie. |
| if not is_cross_origin and cookie is None: |
| return (404) |
| |
| # The request with "credentials=include" should include the cookie. |
| if credentials_mode is "include" and cookie is None: |
| return (404) |
| |
| return (200, [("Content-Type", "text/javascript"), |
| ("Access-Control-Allow-Origin", source_origin), |
| ("Access-Control-Allow-Credentials", "true")], "") |
