Logo Search packages:      
Sourcecode: chromium-browser version File versions  Download package

access-control-preflight-denied-xsrf.php

<?php
require_once '../../resources/portabilityLayer.php';

$tmpFile = sys_get_temp_dir() . "/xsrf.txt";

function fail($state)
{
    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Allow-Methods: GET");
    header("Access-Control-Max-Age: 0");
    echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
    exit();
}

function setState($newState, $file)
{
    file_put_contents($file, $newState);
}

function getState($file)
{
    $state = NULL;
    if (file_exists($file))
        $state = file_get_contents($file);
    return $state ? $state : "Uninitialized";
}

$state = getState($tmpFile);

if ($_SERVER['REQUEST_METHOD'] == "GET" 
    && $_GET['state'] == "reset") {
    if (file_exists($tmpFile)) unlink($tmpFile);
    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
    header("Access-Control-Max-Age: 0");
    echo "Server state reset.\n";
} else if ($state == "Uninitialized") {
    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
        echo("Request Denied\n");
        setState("Denied", $tmpFile);
    } else {
        fail($state);
    }
} else if ($state == "Denied") {
    if ($_SERVER['REQUEST_METHOD'] == "GET" 
        && $_GET['state'] == "complete") {
        unlink($tmpFile);
        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
        header("Access-Control-Max-Age: 0");
        echo "PASS: Request successfully blocked.\n";
    } else {
        setState("Deny Ignored", $tmpFile);
        fail($state);
    }
} else if ($state == "Deny Ignored") {
    unlink($tmpFile);
    fail($state);
} else {
    if (file_exists($tmpFile)) unlink($tmpFile);
    fail("Unknown");
}
?>

Generated by  Doxygen 1.6.0   Back to index