third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php

   1 <?php
   2 require_once '../../resources/portabilityLayer.php';
   3
   4 $tmpFile = sys_get_temp_dir() . "/xsrf.txt";
   5
   6 function fail($state)
   7 {
   8     header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
   9     header("Access-Control-Allow-Credentials: true");
  10     header("Access-Control-Allow-Methods: GET");
  11     header("Access-Control-Max-Age: 1");
  12     echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
  13     exit();
  14 }
  15
  16 function setState($newState, $file)
  17 {
  18     file_put_contents($file, $newState);
  19 }
  20
  21 function getState($file)
  22 {
  23     $state = NULL;
  24     if (file_exists($file))
  25         $state = file_get_contents($file);
  26     return $state ? $state : "Uninitialized";
  27 }
  28
  29 $state = getState($tmpFile);
  30
  31 if ($_SERVER['REQUEST_METHOD'] == "GET"
  32     && $_GET['state'] == "reset") {
  33     if (file_exists($tmpFile)) unlink($tmpFile);
  34     header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
  35     header("Access-Control-Max-Age: 1");
  36     echo "Server state reset.\n";
  37 } else if ($state == "Uninitialized") {
  38     if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
  39         if ($_GET['state'] == "method" || $_GET['state'] == "header") {
  40             header("Access-Control-Allow-Methods: GET");
  41             header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
  42             header("Access-Control-Max-Age: 1");
  43         }
  44         echo("FAIL: This request should not be displayed.\n");
  45         setState("Denied", $tmpFile);
  46     } else {
  47         fail($state);
  48     }
  49 } else if ($state == "Denied") {
  50     if ($_SERVER['REQUEST_METHOD'] == "GET"
  51         && $_GET['state'] == "complete") {
  52         unlink($tmpFile);
  53         header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
  54         header("Access-Control-Max-Age: 1");
  55         echo "PASS: Request successfully blocked.\n";
  56     } else {
  57         setState("Deny Ignored", $tmpFile);
  58         fail($state);
  59     }
  60 } else if ($state == "Deny Ignored") {
  61     unlink($tmpFile);
  62     fail($state);
  63 } else {
  64     if (file_exists($tmpFile)) unlink($tmpFile);
  65     fail("Unknown");
  66 }
  67 ?>