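$!-----------------------------------------------------------------------------
$! CORS.COM
$!
$! Using CURL exercise some basic CORS behaviours on WASD.
$! Output from CURL and WATCH should be used to assess testing.
$! Use P1 "--verbose" to get CURL data in addition to WATCH.
$!
$! http://www.w3.org/TR/cors/
$! http://www.html5rocks.com/en/tutorials/cors/
$! http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
$! http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
$!
$! Requires WASD_CONFIG_MAP rules:
$!
$!   set /wasd_root/exercise/cors.html \
$!       cors=origin=http://klaatu.private cors=methods=PUT \
$!       cors=headers=X-requested-with cors=cred=true cors=age=10
$!
$! Configurable fiddles and local requirements may require some tailoring.
$!
$! The procedure is interactive: each case prints a banner stating the
$! expected outcome, waits for [Return], then issues one CURL request.
$! Nothing is asserted automatically; the operator compares the response
$! headers (or the WATCH report) with the banner.
$!
$! 02-JAN-2014  MGD  initial
$!-----------------------------------------------------------------------------
$!
$! fiddle with these as required
$ protocol = "http://"
$ host = "localhost"
$ path = "/wasd_root/exercise/cors.html"
$ origin = protocol + "klaatu.private"
$!
$! output helpers; the separator is a blank line then a row of 40 tildes
$ say = "write sys$output"
$ prompt = """Hit [Return] to continue ..."""
$ __separator__ = "write sys$output f$fao(""!/!40*~"")"
$!
$! the resource under test
$ url = protocol + host + path
$!
$! Origin variants used by the later cases.  ORIGIN80 names the default
$! http port explicitly and is expected to be accepted.  ORIGIN443 (wrong
$! port) and ORIGINKAPUT (leading "x" in front of the scheme) are expected
$! to be refused.  The sample rule above sets cors=cred=true, so an origin
$! check that accepted either of them would matter more than usual.
$ origin80 = origin + ":80"
$ origin443 = origin + ":443"
$ originkaput = "x" + origin
$!
$! Start from an existing CURL symbol when there is one, otherwise from the
$! bare verb, and append whatever the caller supplied in P1.
$ if f$type(CURL) .eqs. ""
$ then curl = "curl " + P1
$ else curl = curl + " " + P1
$ endif
$!
$! DCL upcases an unquoted parameter, so P1 may arrive as --VERBOSE when
$! the caller left the quotes off.  Accept both spellings so that the
$! discard-output switch and the advisory message below agree with what
$! was requested.
$ verbose = (f$locate("--verbose",curl) .ne. f$length(curl)) .or. -
            (f$locate("--VERBOSE",curl) .ne. f$length(curl))
$!
$! without --verbose the response body is of no interest; send it to NL:
$ if .not. verbose then curl = curl + " -o NL:"
$!
$! Base command: caller options, the configured Origin header and the URL.
$! Every later case appends its own arguments to one of these three symbols,
$! so each request already carries "Origin: <origin>" and the URL.
$ curl = curl + " ""-H"" ""Origin: " + origin + """ " + url
$ gcurl = curl + " ""-X"" ""GET"" "
$ ocurl = curl + " ""-X"" ""OPTIONS"" "
$!
$ __separator__
$ say "Success indicated by at least ""Access-Control-Allow-Origin:"" header."
$ say "Failure by the absence of any ""Access-Control-..:"" headers/"
$ if .not. verbose then say "--verbose not enabled - use WATCH to observe behaviours"
$!
$! case: simple GET from the configured origin
$ __separator__
$ say "Simple GET request SUCCEED"
$ read sys$command key /prompt='prompt'
$ gcurl
$!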
$! Each case below prints a banner with the expected outcome, waits for
$! [Return], then appends its own arguments to one of the CURL, GCURL or
$! OCURL symbols built earlier in the procedure.  Those symbols already
$! contain "Origin: <origin>" and the URL.
$!
$! case: simple GET, Origin with the default http port made explicit.
$! Issued through CURL rather than GCURL, i.e. without an explicit -X GET.
$! NOTE(review): this and the next two cases add a second -H "Origin: ..."
$! to a command that already has one; confirm with WATCH which Origin
$! value(s) the server receives and evaluates.
$ __separator__
$ say "Simple GET request SUCCEED (origin port included)"
$ read sys$command key /prompt='prompt'
$ curl "-H" "Origin: "'origin80'
$!
$! case: simple GET, Origin corrupted by a leading "x"
$ __separator__
$ say "Simple GET request FAIL on origin (broken)"
$ read sys$command key /prompt='prompt'
$ gcurl "-H" "Origin: "'originkaput'
$!
$! case: simple GET, Origin naming port 443 against an http:// rule
$ __separator__
$ say "Simple GET request FAIL on origin (port)"
$ read sys$command key /prompt='prompt'
$ gcurl "-H" "Origin: "'origin443'
$!
$! case: simple GET carrying a request header the rule does not list
$ __separator__
$ say "Simple GET request FAIL on header"
$ read sys$command key /prompt='prompt'
$ gcurl "-H" "X-Requested-Without: this"
$!
$! case: pre-flight (OPTIONS) asking for POST
$ __separator__
$ say "Pre-flight check SUCCEED simple method"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: POST"
$!
$! case: pre-flight asking for CONNECT.
$! NOTE(review): the sample rule in the file header lists cors=methods=PUT,
$! not CONNECT; confirm which method the mapping rule in use allows.
$ __separator__
$ say "Pre-flight check SUCCEED allowed method"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: CONNECT"
$!
$! case: pre-flight asking for DELETE
$ __separator__
$ say "Pre-flight check FAIL on method"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: DELETE"
$!
$! case: pre-flight asking for GET plus a request header not in the rule
$ __separator__
$ say "Pre-flight Check FAIL on header"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: GET" -
        "-H" "Access-Control-Request-Headers: X-Requested-Without"
$!
$! case: pre-flight asking for DELETE plus three request headers, of which
$! only X-Requested-With appears in the sample rule
$ __separator__
$ say "Pre-flight check FAIL on method and multiple headers"
$ read sys$command key /prompt='prompt'
$ ocurl "-H" "Access-Control-Request-Method: DELETE" -
        "-H" "Access-Control-Request-Headers: X-Requested-Without,X-Requested-With,X-Requested-Wither"
$!
$! case: actual (non-pre-flight) CONNECT request with the listed header.
$! NOTE(review): CURL already ends with the URL and 'url' is appended
$! again here and in the next case; confirm whether two transfers per
$! case are intended.
$ __separator__
$ say "Non-Simple CONNECT request SUCCEED (actually fail on proxy)"
$ read sys$command key /prompt='prompt'
$ curl "-H" "X-Requested-With: this" -
       "-X" "CONNECT" 'url'
$!
$! case: actual request with an unlisted header.
$! NOTE(review): the banner says CONNECT but the request is sent with
$! -X DELETE; confirm which of the two is intended.
$ __separator__
$ say "Non-Simple CONNECT request FAIL on method and header (actually fail on proxy)"
$ read sys$command key /prompt='prompt'
$ curl "-H" "X-Requested-Without: this" -
       "-X" "DELETE" 'url'
$!
$!-----------------------------------------------------------------------------