| # Returns a valid response when request's |referrer| matches |
| # |expected_referrer|. |
| def main(request, response): |
| # We want |referrer| to be the referrer header with no query params, |
| # because |expected_referrer| will not contain any query params, and |
| # thus cannot be compared with the actual referrer header if it were to |
| # contain query params. This works fine if the actual referrer has no |
| # query params too. |
| referrer = request.headers.get(b"referer", b"").split(b"?")[0] |
| referrer_policy = request.GET.first(b"referrer_policy") |
| expected_referrer = request.GET.first(b"expected_referrer", b"") |
| response_headers = [(b"Content-Type", b"text/javascript"), |
| (b"Access-Control-Allow-Origin", b"*")] |
| |
| if referrer_policy == b"no-referrer" or referrer_policy == b"origin": |
| if referrer == expected_referrer: |
| return (200, response_headers, u"") |
| return (404, response_headers) |
| |
| if referrer_policy == b"same-origin": |
| if referrer == expected_referrer: |
| return (200, response_headers, u"") |
| return (404, response_headers) |
| return (404, response_headers) |