[0001] [0002] [0003] [0004] [0005] [0006] [0007] [0008] [0009] [0010] [0011] [0012] [0013] [0014] [0015] [0016] [0017] [0018] [0019] [0020] [0021] [0022] [0023] [0024] [0025] [0026] [0027] [0028] [0029] [0030] [0031] [0032] [0033] [0034] [0035] [0036] [0037] [0038] [0039] [0040] [0041] [0042] [0043] [0044] [0045] [0046] [0047] [0048] [0049] [0050] [0051] [0052] [0053] [0054] [0055] [0056] [0057] [0058] [0059] [0060] [0061] [0062] [0063] [0064] [0065] [0066] [0067] [0068] [0069] [0070] [0071] [0072] [0073] [0074] [0075] [0076] [0077] [0078] [0079] [0080] [0081] [0082] [0083] [0084] [0085] [0086] [0087] [0088] [0089] [0090] [0091] [0092] [0093] [0094] [0095] [0096] [0097] [0098] [0099] [0100] [0101] [0102] [0103] [0104] [0105] [0106] [0107] [0108] [0109] [0110] [0111] [0112] [0113] [0114] [0115] [0116] [0117]
$!----------------------------------------------------------------------------- $! CORS.COM $! $! Using CURL execise some basic CORS behaviours on WASD. $! Output from CURL and WATCH should be used to assess testing. $! Use P1 "--verbose" to get CURL data in addition to WATCH. $! $! http://www.w3.org/TR/cors/ $! http://www.html5rocks.com/en/tutorials/cors/ $! http://en.wikipedia.org/wiki/Cross-origin_resource_sharing $! http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS $! $! Requires WASD_CONFIG_MAP rules: $! $! set /wasd_root/exercise/cors.html \ $! cors=origin=http://klaatu.private cors=methods=PUT \ $! cors=headers=X-requested-with cors=cred=true cors=age=10 $! $! Configurable fiddles and local requirements may require some tailoring. $! $! 02-JAN-2014 MGD initial $!----------------------------------------------------------------------------- $! $! fiddle with these as required $ protocol = "http://" $ host = "localhost" $ path = "/wasd_root/exercise/cors.html" $ origin = protocol + "klaatu.private" $! $ say = "write sys$output" $ prompt = """Hit [Return] to continue ...""" $ __separator__ = "write sys$output f$fao(""!/!40*~"")" $ url = protocol + host + path $ origin80 = origin + ":80" $ origin443 = origin + ":443" $ originkaput = "x" + origin $ if f$type(CURL) .eqs. "" $ then curl = "curl " + P1 $ else curl = curl + " " + P1 $ endif $ if f$locate("--verbose",curl) .eq. f$length(curl) - then curl = curl + " -o NL:" $ curl = curl + " ""-H"" ""Origin: " + origin + """ " + url $ gcurl = curl + " ""-X"" ""GET"" " $ ocurl = curl + " ""-X"" ""OPTIONS"" " $! $ __separator__ $ say "Success indicated by at least ""Access-Control-Allow-Origin:"" header." $ say "Failure by the absence of any ""Access-Control-..:"" headers/" $ if f$locate("--verbose",curl) .eq. f$length(curl) - then say "--verbose not enabled - use WATCH to observe behaviours" $! $ __separator__ $ say "Simple GET request SUCCEED" $ read sys$command key /prompt='prompt' $ gcurl $! $ __separator__ $ say "Simple GET request SUCCEED (origin port included)" $ read sys$command key /prompt='prompt' $ curl "-H" "Origin: "'origin80' $! $ __separator__ $ say "Simple GET request FAIL on origin (broken)" $ read sys$command key /prompt='prompt' $ gcurl "-H" "Origin: "'originkaput' $! $ __separator__ $ say "Simple GET request FAIL on origin (port)" $ read sys$command key /prompt='prompt' $ gcurl "-H" "Origin: "'origin443' $! $ __separator__ $ say "Simple GET request FAIL on header" $ read sys$command key /prompt='prompt' $ gcurl "-H" "X-Requested-Without: this" $! $ __separator__ $ say "Pre-flight check SUCCEED simple method" $ read sys$command key /prompt='prompt' $ ocurl "-H" "Access-Control-Request-Method: POST" $! $ __separator__ $ say "Pre-flight check SUCCEED allowed method" $ read sys$command key /prompt='prompt' $ ocurl "-H" "Access-Control-Request-Method: CONNECT" $! $ __separator__ $ say "Pre-flight check FAIL on method" $ read sys$command key /prompt='prompt' $ ocurl "-H" "Access-Control-Request-Method: DELETE" $! $ __separator__ $ say "Pre-flight Check FAIL on header" $ read sys$command key /prompt='prompt' $ ocurl "-H" "Access-Control-Request-Method: GET" - "-H" "Access-Control-Request-Headers: X-Requested-Without" $! $ __separator__ $ say "Pre-flight check FAIL on method and multiple headers" $ read sys$command key /prompt='prompt' $ ocurl "-H" "Access-Control-Request-Method: DELETE" - "-H" "Access-Control-Request-Headers: X-Requested-Without,X-Requested-With,X-Requested-Wither" $! $ __separator__ $ say "Non-Simple CONNECT request SUCCEED (actually fail on proxy)" $ read sys$command key /prompt='prompt' $ curl "-H" "X-Requested-With: this" - "-X" "CONNECT" 'url' $! $ __separator__ $ say "Non-Simple CONNECT request FAIL on method and header (actually fail on proxy)" $ read sys$command key /prompt='prompt' $ curl "-H" "X-Requested-Without: this" - "-X" "DELETE" 'url' $! $!-----------------------------------------------------------------------------