[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
$!-----------------------------------------------------------------------------
$! CORS.COM
$!
$! Using CURL execise some basic CORS behaviours on WASD.
$! Output from CURL and WATCH should be used to assess testing.
$! Use P1 "--verbose" to get CURL data in addition to WATCH.
$!
$! http://www.w3.org/TR/cors/
$! http://www.html5rocks.com/en/tutorials/cors/
$! http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
$! http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
$!
$! Requires WASD_CONFIG_MAP rules:
$!
$! set /wasd_root/exercise/cors.html \
$! cors=origin=http://klaatu.private cors=methods=PUT \
$! cors=headers=X-requested-with cors=cred=true cors=age=10
$!
$! Configurable fiddles and local requirements may require some tailoring.
$!
$! 02-JAN-2014 MGD initial
$!-----------------------------------------------------------------------------
$!
$! fiddle with these as required
$ protocol = "http://"
$ host = "localhost"
$ path = "/wasd_root/exercise/cors.html"
$ origin = protocol + "klaatu.private"
$!
$ say = "write sys$output"
$ prompt = """Hit [Return] to continue ..."""
$ __separator__ = "write sys$output f$fao(""!/!40*~"")"
$ url = protocol + host + path
$ origin80 = origin + ":80"
$ origin443 = origin + ":443"
$ originkaput = "x" + origin
$ if f$type(CURL) .eqs. ""
$ then curl = "curl " + P1
$ else curl = curl + " " + P1
$ endif
$ if f$locate("--verbose",curl) .eq. f$length(curl) -
then curl = curl + " -o NL:"
$ curl = curl + " ""-H"" ""Origin: " + origin + """ " + url
$ gcurl = curl + " ""-X"" ""GET"" "
$ ocurl = curl + " ""-X"" ""OPTIONS"" "
$!
$ __separator__
$ say "Success indicated by at least ""Access-Control-Allow-Origin:"" header."
$ say "Failure by the absence of any ""Access-Control-..:"" headers/"
$ if f$locate("--verbose",curl) .eq. f$length(curl) -
then say "--verbose not enabled - use WATCH to observe behaviours"
$!
$ __separator__
$ say "Simple GET request SUCCEED"
$ read sys$command key /prompt='prompt'
$ gcurl
$!
$ __separator__
$ say "Simple GET request SUCCEED (origin port included)"
$ read sys$command key /prompt='prompt'
$ curl "-H" "Origin: "'origin80'
$!
$ __separator__
$ say "Simple GET request FAIL on origin (broken)"
$ read sys$command key /prompt='prompt'
$ gcurl "-H" "Origin: "'originkaput'
$!
$ __separator__
$ say "Simple GET request FAIL on origin (port)"
$ read sys$command key /prompt='prompt'
$ gcurl "-H" "Origin: "'origin443'
$!
$ __separator__
$ say "Simple GET request FAIL on header"
$ read sys$command key /prompt='prompt'
$ gcurl "-H" "X-Requested-Without: this"
$!
$ __separator__
$ say "Pre-flight check SUCCEED simple method"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: POST"
$!
$ __separator__
$ say "Pre-flight check SUCCEED allowed method"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: CONNECT"
$!
$ __separator__
$ say "Pre-flight check FAIL on method"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: DELETE"
$!
$ __separator__
$ say "Pre-flight Check FAIL on header"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: GET" -
"-H" "Access-Control-Request-Headers: X-Requested-Without"
$!
$ __separator__
$ say "Pre-flight check FAIL on method and multiple headers"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: DELETE" -
"-H" "Access-Control-Request-Headers: X-Requested-Without,X-Requested-With,X-Requested-Wither"
$!
$ __separator__
$ say "Non-Simple CONNECT request SUCCEED (actually fail on proxy)"
$ read sys$command key /prompt='prompt'
$ curl "-H" "X-Requested-With: this" -
"-X" "CONNECT" 'url'
$!
$ __separator__
$ say "Non-Simple CONNECT request FAIL on method and header (actually fail on proxy)"
$ read sys$command key /prompt='prompt'
$ curl "-H" "X-Requested-Without: this" -
"-X" "DELETE" 'url'
$!
$!-----------------------------------------------------------------------------