Example #1
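def main(request, response):
    """Return an HTML page that posts the request's cookies to its embedders.

    The cookies returned by ``helpers.readCookies`` are serialised as JSON
    into an inline script, tagged with ``type = "COOKIES"``, extended with
    ``document.cookie`` when it is readable, and sent with ``postMessage`` to
    the parent window, the top window and the opener. A ``"reload"`` message
    makes the page reload itself.

    Returns:
        ``(headers, body)`` where ``body`` is the rendered HTML document.
    """
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    cookies = helpers.readCookies(request)
    headers.append(("Content-Type", "text/html; charset=utf-8"))

    # NOTE(review): every postMessage below uses a "*" target origin and the
    # message listener does not check e.origin, so any embedding or opening
    # window receives the cookie data. That fits a cross-origin test resource;
    # keep it off hosts that carry real sessions.
    tmpl = """
<!DOCTYPE html>
<script>
  var data = %s;
  data.type = "COOKIES";

  try {
    data.domcookies = document.cookie;
  } catch (e) {}

  if (window.parent != window) {
    window.parent.postMessage(data, "*");
    if (window.top != window.parent)
      window.top.postMessage(data, "*");
  }


  if (window.opener)
    window.opener.postMessage(data, "*");

  window.addEventListener("message", e => {
    console.log(e);
    if (e.data == "reload")
      window.location.reload();
  });
</script>
"""
    # json.dumps() leaves "<" as-is, so a cookie name or value containing
    # "</script>" would end the inline script element early. "<" can only
    # appear inside JSON string literals, where "\u003c" decodes to the same
    # character, so the data the script sees is unchanged.
    payload = json.dumps(cookies).replace("<", "\\u003c")
    return headers, tmpl % payload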
Example #2
def main(request, response):
    """Return the request's cookies as a JSON object of decoded names and values."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    raw_cookies = helpers.readCookies(request)

    # Every name and value goes through isomorphic_decode before serialising
    # (presumably readCookies yields bytes that json cannot encode; confirm).
    body = {}
    for raw_name, raw_value in raw_cookies.items():
        name = isomorphic_decode(raw_name)
        body[name] = isomorphic_decode(raw_value)

    # NOTE(review): the response echoes the caller's cookies and the header
    # helper's name suggests CORS headers are attached; confirm this handler
    # is only served from test origins.
    return headers, json.dumps(body)
Example #3
def main(request, response):
    """Respond to `/cookie/drop/secure` by dropping the two cookies set by
    `setSecureTestCookies()`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # One expiring header per cookie, then a JSON-encoded success code.
    # NOTE(review): False is passed as the second argument for both cookies,
    # including "alone_secure"; confirm what that flag controls in
    # makeDropCookie.
    for cookie_name in ("alone_secure", "alone_insecure"):
        headers.append(makeDropCookie(cookie_name, False))
    return headers, '{"success": true}'
def main(request, response):
    """Respond to `/cookies/resources/dropSameSiteNone.py` by dropping the
    two cookies set by `setSameSiteNone.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # (cookie name, second argument to makeDropCookie); only the "_secure"
    # cookie is dropped with True (presumably the Secure flag; confirm).
    to_drop = (
        ("samesite_none_insecure", False),
        ("samesite_none_secure", True),
    )
    for cookie_name, flag in to_drop:
        headers.append(makeDropCookie(cookie_name, flag))

    # JSON-encoded success code.
    return headers, '{"success": true}'
Example #5
def main(request, response):
    """Respond to `/cookies/resources/dropSameSiteNone.py` by dropping the
    two cookies set by `setSameSiteNone.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # Expire both cookies; the second argument differs per cookie and is
    # True only for the "_secure" one (presumably the Secure flag; confirm).
    drop_insecure = makeDropCookie("samesite_none_insecure", False)
    headers.append(drop_insecure)
    drop_secure = makeDropCookie("samesite_none_secure", True)
    headers.append(drop_secure)

    success_body = '{"success": true}'
    return headers, success_body
Example #6
def main(request, response):
    """Echo the decoded query string of `/cookie/set?{cookie}` back as a `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)

    # Percent-decode first: a cookie string can need whitespace, for instance
    # inside an `Expires` attribute.
    # NOTE(review): the decoded query is caller-controlled and reaches a
    # response header unfiltered, and decoding also restores percent-encoded
    # line breaks. Confirm the server layer rejects CR/LF in header values,
    # and keep this handler on test hosts only.
    raw_query = request.url_parts.query
    set_cookie = (b"Set-Cookie", isomorphic_encode(unquote(raw_query)))
    headers.append(set_cookie)

    return headers, b'{"success": true}'
Example #7
def main(request, response):
    """Echo the decoded query string of `/cookie/set?{cookie}` back as a `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)

    # The query string is percent-decoded because a cookie string can need
    # whitespace (e.g. in the `Expires` attribute).
    # NOTE(review): the decoded value is caller-controlled and goes into a
    # response header as-is; decoding also restores percent-encoded line
    # breaks. Confirm the server layer rejects CR/LF in header values.
    raw_query = request.url_parts.query
    set_cookie = ("Set-Cookie", urllib.unquote(raw_query))
    headers.append(set_cookie)

    return headers, '{"success": true}'
Example #8
def main(request, response):
    """Respond to `/cookie/set/secure?{value}` by setting two cookies:
    `alone_secure={value};secure;path=/`
    `alone_insecure={value};path=/`"""
    headers = setNoCacheAndCORSHeaders(request, response)
    # The whole query string is the cookie value (caller-controlled).
    value = isomorphic_encode(request.url_parts.query)

    secure_attrs = {b"secure": b"", b"path": b"/"}
    insecure_attrs = {b"path": b"/"}
    headers.append(makeCookieHeader(b"alone_secure", value, secure_attrs))
    headers.append(makeCookieHeader(b"alone_insecure", value, insecure_attrs))
    return headers, b'{"success": true}'
Example #9
def main(request, response):
    """Respond to `/cookie/same-site/resources/dropSameSite.py` by dropping the
    four cookies set by `setSameSiteCookies.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # Expire each cookie in turn (all with False as the second argument),
    # then return a JSON-encoded success code.
    cookie_names = (
        b"samesite_strict",
        b"samesite_lax",
        b"samesite_none",
        b"samesite_unspecified",
    )
    for cookie_name in cookie_names:
        headers.append(makeDropCookie(cookie_name, False))
    return headers, b'{"success": true}'
Example #10
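def main(request, response):
    """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`.

    Returns:
        ``(headers, body)`` with a JSON success code, or
        ``(500, headers, body)`` with a JSON error when reading the parameter
        or building the header raises.
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    try:
        # Expire the named cookie, and return a JSON-encoded success code.
        name = readParameter(request, paramName="name", requireValue=True)
        # The second argument is True only for https requests (presumably the
        # Secure flag of the expiring cookie; confirm in makeDropCookie).
        scheme = request.url_parts.scheme
        headers.append(makeDropCookie(name, "https" == scheme))
        return headers, '{"success": true}'
    except Exception:
        # Catch Exception rather than everything, so SystemExit and
        # KeyboardInterrupt still propagate instead of being reported as a
        # missing parameter.
        # NOTE(review): any failure in the try body is reported with this
        # same message, not only a missing `name`.
        return 500, headers, '{"error" : "Empty or missing name parameter."}'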
Example #11
def main(request, response):
    """Respond to `/cookie/same-site/resources/dropSameSite.py` by dropping the
    four cookies set by `setSameSiteCookies.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # Expire each cookie in turn (all with False as the second argument),
    # then return a JSON-encoded success code.
    cookie_names = (
        "samesite_strict",
        "samesite_lax",
        "samesite_none",
        "samesite_unspecified",
    )
    for cookie_name in cookie_names:
        headers.append(makeDropCookie(cookie_name, False))
    return headers, '{"success": true}'
Example #12
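def main(request, response):
    """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`.

    Returns:
        ``(headers, body)`` with a JSON success code, or
        ``(500, headers, body)`` with a JSON error when reading the parameter
        or building the header raises.
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    try:
        # Expire the named cookie, and return a JSON-encoded success code.
        name = readParameter(request, paramName=u"name", requireValue=True)
        # The second argument is True only for https requests (presumably the
        # Secure flag of the expiring cookie; confirm in makeDropCookie).
        scheme = request.url_parts.scheme
        headers.append(makeDropCookie(name, u"https" == scheme))
        return headers, b'{"success": true}'
    except Exception:
        # Catch Exception rather than everything, so SystemExit and
        # KeyboardInterrupt still propagate instead of being reported as a
        # missing parameter.
        # NOTE(review): any failure in the try body is reported with this
        # same message, not only a missing `name`.
        return 500, headers, b'{"error" : "Empty or missing name parameter."}'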
def main(request, response):
    """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting two cookies:
    1. `samesite_none_insecure={value};SameSite=None;path=/`
    2. `samesite_none_secure={value};SameSite=None;Secure;path=/`
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string is used as the cookie value (caller-controlled).
    value = request.url_parts.query

    # Attribute dicts keep the key order of the docstring above.
    cookie_specs = (
        ("samesite_none_insecure", {"SameSite":"None", "path":"/"}),
        ("samesite_none_secure", {"SameSite":"None", "Secure":"", "path":"/"}),
    )
    for cookie_name, attributes in cookie_specs:
        headers.append(makeCookieHeader(cookie_name, value, attributes))

    return headers, '{"success": true}'
Example #14
def main(request, response):
    """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a
       transparent GIF when a request cookie called `{name}` has the value
       `{value}`, and with a 500 status and a JSON error otherwise."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    name = helpers.readParameter(request, paramName="name", requireValue=True)
    value = helpers.readParameter(request, paramName="value", requireValue=True)

    # Several cookies may share the name; the first one with a matching value
    # is enough.
    matched = any(
        candidate.value == value for candidate in request.cookies.get_list(name)
    )
    if not matched:
        return 500, headers, '{"error": {"message": "The cookie\'s value did not match the given value."}}'

    # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif
    headers.append(("Content-Type","image/gif"))
    return headers, "\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
Example #15
def main(request, response):
    """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a
       transparent GIF when a request cookie called `{name}` has the value
       `{value}`, and with a 500 status and a JSON error otherwise."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    name = helpers.readParameter(request, paramName=u"name", requireValue=True)
    value = helpers.readParameter(request, paramName=u"value", requireValue=True)

    # Several cookies may share the name; the first one with a matching value
    # is enough.
    matched = any(
        candidate.value == value for candidate in request.cookies.get_list(name)
    )
    if not matched:
        return 500, headers, b'{"error": {"message": "The cookie\'s value did not match the given value."}}'

    # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif
    headers.append((b"Content-Type", b"image/gif"))
    return headers, b"\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
Example #16
def main(request, response):
    """Respond to `/cookie/set/samesite?{value}` by setting four cookies:
    1. `samesite_strict={value};SameSite=Strict;path=/`
    2. `samesite_lax={value};SameSite=Lax;path=/`
    3. `samesite_none={value};SameSite=None;path=/;Secure`
    4. `samesite_unspecified={value};path=/`
    The HTML body then navigates to a page that will post a message back to
    the opener with the set cookies."""
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string is used as the cookie value (caller-controlled).
    value = request.url_parts.query

    cookie_specs = (
        ("samesite_strict", {"SameSite": "Strict", "path": "/"}),
        ("samesite_lax", {"SameSite": "Lax", "path": "/"}),
        # SameSite=None cookies must be Secure.
        ("samesite_none", {"SameSite": "None", "path": "/", "Secure": ""}),
        ("samesite_unspecified", {"path": "/"}),
    )

    headers.append(("Content-Type", "text/html; charset=utf-8"))
    for cookie_name, attributes in cookie_specs:
        headers.append(makeCookieHeader(cookie_name, value, attributes))

    document = """
<!DOCTYPE html>
<script>
  // A same-site navigation, which should attach all cookies including SameSite ones.
  // This is necessary because this page may have been reached via a cross-site navigation, so
  // we might not have access to some SameSite cookies from here.
  window.location = "../samesite/resources/echo-cookies.html";
</script>
"""

    return headers, document
Example #17
def main(request, response):
    """Respond to `/cookie/set/samesite?{value}` by setting three cookies:
    1. `samesite_strict={value};SameSite=Strict;path=/`
    2. `samesite_lax={value};SameSite=Lax;path=/`
    3. `samesite_none={value};path=/`"""
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string is used as the cookie value (caller-controlled).
    value = request.url_parts.query

    # "samesite_none" carries no SameSite attribute at all, only a path.
    cookie_specs = (
        ("samesite_strict", {"SameSite": "Strict", "path": "/"}),
        ("samesite_lax", {"SameSite": "Lax", "path": "/"}),
        ("samesite_none", {"path": "/"}),
    )
    for cookie_name, attributes in cookie_specs:
        headers.append(makeCookieHeader(cookie_name, value, attributes))
    return headers, '{"success": true}'
def main(request, response):
    """Simple handler that causes redirection.

    The request should typically have two query parameters:
    status - The status to use for the redirection. Defaults to 302, also
             when the given value is not an integer.
    location - The resource to redirect to.
    """
    # NOTE(review): both `status` and `location` come straight from the query
    # string, so the handler redirects wherever the caller asks and with any
    # integer status. That is its job as a test helper; it should not be
    # reachable on a host that users trust.
    redirect_status = 302
    if "status" in request.GET:
        try:
            redirect_status = int(request.GET.first("status"))
        except ValueError:
            # Keep the 302 default for a non-numeric status.
            pass
    headers = setNoCacheAndCORSHeaders(request, response)

    target = request.GET.first("location")
    headers.append(("Location", target))

    return redirect_status, headers, ""
def main(request, response):
    """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting two cookies:
    1. `samesite_none_insecure={value};SameSite=None;path=/`
    2. `samesite_none_secure={value};SameSite=None;Secure;path=/`
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string is used as the cookie value (caller-controlled).
    value = request.url_parts.query

    # Same cookie twice, without and with the Secure attribute.
    insecure_attrs = {"SameSite": "None", "path": "/"}
    secure_attrs = {"SameSite": "None", "Secure": "", "path": "/"}
    headers.append(
        makeCookieHeader("samesite_none_insecure", value, insecure_attrs))
    headers.append(
        makeCookieHeader("samesite_none_secure", value, secure_attrs))

    return headers, '{"success": true}'
Example #20
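def main(request, response):
    """Return an HTML page that posts the request's cookies to its embedders.

    The cookies returned by ``helpers.readCookies`` are serialised as JSON
    into an inline script and sent with ``postMessage`` to the parent window
    and the opener. A ``"reload"`` message makes the page reload itself.

    Returns:
        ``(headers, body)`` where ``body`` is the rendered HTML document.
    """
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    cookies = helpers.readCookies(request)
    headers.append(("Content-Type", "text/html; charset=utf-8"))

    # NOTE(review): both postMessage calls use a "*" target origin and the
    # message listener does not check e.origin, so any embedding or opening
    # window receives the cookie data. That fits a cross-origin test resource;
    # keep it off hosts that carry real sessions.
    tmpl = """
<!DOCTYPE html>
<script>
  var data = %s;

  if (window.parent != window)
    window.parent.postMessage(data, "*");

  if (window.opener)
    window.opener.postMessage(data, "*");

  window.addEventListener("message", e => {
    console.log(e);
    if (e.data == "reload")
      window.location.reload();
  });
</script>
"""
    # json.dumps() leaves "<" as-is, so a cookie name or value containing
    # "</script>" would end the inline script element early. "<" can only
    # appear inside JSON string literals, where "\u003c" decodes to the same
    # character, so the data the script sees is unchanged.
    payload = json.dumps(cookies).replace("<", "\\u003c")
    return headers, tmpl % payload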
Example #21
def main(request, response):
    """Echo the query string of `/cookie/set?{cookie}` back as a `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    # NOTE(review): the raw query string is caller-controlled and becomes the
    # header value without any filtering; keep this handler on test hosts.
    set_cookie = ("Set-Cookie", request.url_parts.query)
    headers.append(set_cookie)
    body = '{"success": true}'
    return headers, body
Example #22
def main(request, response):
    """Return the cookies read from the request as a JSON document."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    # NOTE(review): the body echoes the caller's own cookies and the header
    # helper's name suggests CORS headers are attached; confirm this is only
    # served from test origins.
    body = json.dumps(helpers.readCookies(request))
    return headers, body
Example #23
def main(request, response):
    """Echo the query string of `/cookie/set?{cookie}` back as a `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    # NOTE(review): the header value is the raw, caller-controlled query
    # string with no filtering; keep this handler on test hosts.
    cookie_string = request.url_parts.query
    headers.append(("Set-Cookie", cookie_string))
    return headers, '{"success": true}'
Example #24
def main(request, response):
    """Return the cookies read from the request as a JSON document."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    request_cookies = helpers.readCookies(request)
    # NOTE(review): this echoes the caller's own cookies back in the body;
    # confirm it is only served from test origins.
    serialized = json.dumps(request_cookies)
    return headers, serialized