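def main(request, response):
    """Return an HTML page that posts the request's cookies to related windows.

    The cookies returned by `helpers.readCookies()` are serialized as JSON into
    an inline script. The script tags the data with `type = "COOKIES"`, adds
    `document.cookie` as `domcookies` when it is readable, and posts the result
    to the parent, top and opener windows. Posting "reload" to the page makes
    it reload itself.
    """
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    cookies = helpers.readCookies(request)
    headers.append(("Content-Type", "text/html; charset=utf-8"))

    # json.dumps() leaves "<" untouched, so a cookie name or value containing
    # "</script>" or "<!--" would end or derail the inline script block.
    # "\u003c" is the same character to the JavaScript parser and inert to the
    # HTML parser, so the posted data is unchanged.
    payload = json.dumps(cookies).replace("<", "\\u003c")

    # NOTE(review): every postMessage() call below uses the "*" target origin,
    # so the cookie data is delivered to whichever origin embeds or opened
    # this page. Presumably intentional for cross-origin tests -- confirm this
    # handler is only ever deployed on a test server.
    tmpl = """
<!DOCTYPE html>
<script>
  var data = %s;
  data.type = "COOKIES";

  try {
    data.domcookies = document.cookie;
  } catch (e) {}

  if (window.parent != window) {
    window.parent.postMessage(data, "*");
    if (window.top != window.parent)
      window.top.postMessage(data, "*");
  }

  if (window.opener)
    window.opener.postMessage(data, "*");

  window.addEventListener("message", e => {
    console.log(e);
    if (e.data == "reload")
      window.location.reload();
  });
</script>
"""
    return headers, tmpl % payload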
def main(request, response):
    """Return the request's cookies as a JSON object of decoded strings.

    Every cookie name and value from `helpers.readCookies()` is passed through
    `isomorphic_decode()` before serialization.
    """
    headers = helpers.setNoCacheAndCORSHeaders(request, response)

    decoded_cookies = {}
    for raw_name, raw_value in helpers.readCookies(request).items():
        name = isomorphic_decode(raw_name)
        decoded_cookies[name] = isomorphic_decode(raw_value)

    body = json.dumps(decoded_cookies)
    return headers, body
def main(request, response):
    """Respond to `/cookie/drop/secure` by dropping the two cookies set by
    `setSecureTestCookies()`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # One expiring header per cookie. Both are dropped with False as the
    # second makeDropCookie() argument (presumably the secure flag -- confirm
    # against the helper).
    for cookie_name in ("alone_secure", "alone_insecure"):
        headers.append(makeDropCookie(cookie_name, False))

    # JSON-encoded success code.
    return headers, '{"success": true}'
def main(request, response):
    """Respond to `/cookies/resources/dropSameSiteNone.py` by dropping the two
    cookies set by `setSameSiteNone.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # (cookie name, second makeDropCookie() argument) in the order the
    # headers are emitted.
    drop_specs = (
        ("samesite_none_insecure", False),
        ("samesite_none_secure", True),
    )
    for cookie_name, flag in drop_specs:
        headers.append(makeDropCookie(cookie_name, flag))

    # JSON-encoded success code.
    return headers, '{"success": true}'
def main(request, response):
    """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a
    `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)

    # Percent-decode the query string first: cookies may need whitespace
    # (e.g. in the `Expires` attribute).
    raw_cookie = unquote(request.url_parts.query)

    # NOTE(review): the decoded query string is copied into the response
    # header unvalidated. Whether CR/LF in it is rejected depends on the
    # server's header writer, which is not visible here -- confirm.
    set_cookie = (b"Set-Cookie", isomorphic_encode(raw_cookie))
    headers.append(set_cookie)
    return headers, b'{"success": true}'
def main(request, response):
    """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a
    `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)

    # Percent-decode the query string first: cookies may need whitespace
    # (e.g. in the `Expires` attribute).
    # NOTE(review): `urllib.unquote` is the Python 2 location of this
    # function; on Python 3 it lives in `urllib.parse`.
    raw_cookie = urllib.unquote(request.url_parts.query)

    # NOTE(review): the decoded query string is copied into the response
    # header unvalidated. Whether CR/LF in it is rejected depends on the
    # server's header writer, which is not visible here -- confirm.
    set_cookie = ("Set-Cookie", raw_cookie)
    headers.append(set_cookie)
    return headers, '{"success": true}'
def main(request, response):
    """Respond to `/cookie/set/secure?{value}` by setting two cookies:

    1. `alone_secure={value};secure;path=/`
    2. `alone_insecure={value};path=/`
    """
    headers = setNoCacheAndCORSHeaders(request, response)

    # The raw query string is the cookie value; it is not percent-decoded
    # in this handler.
    cookie_value = isomorphic_encode(request.url_parts.query)

    secure_attrs = {b"secure": b"", b"path": b"/"}
    insecure_attrs = {b"path": b"/"}
    headers.append(makeCookieHeader(b"alone_secure", cookie_value, secure_attrs))
    headers.append(makeCookieHeader(b"alone_insecure", cookie_value, insecure_attrs))
    return headers, b'{"success": true}'
def main(request, response):
    """Respond to `/cookie/same-site/resources/dropSameSite.py` by dropping
    the four cookies set by `setSameSiteCookies.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # Expire each cookie in turn; all four use False as the second
    # makeDropCookie() argument.
    cookie_names = (
        b"samesite_strict",
        b"samesite_lax",
        b"samesite_none",
        b"samesite_unspecified",
    )
    for cookie_name in cookie_names:
        headers.append(makeDropCookie(cookie_name, False))

    # JSON-encoded success code.
    return headers, b'{"success": true}'
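def main(request, response):
    """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`.

    Returns the headers and a JSON success body. If reading the `name`
    parameter or building the drop header raises, returns status 500 with a
    JSON error body instead.
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    try:
        # Expire the named cookie, and return a JSON-encoded success code.
        name = readParameter(request, paramName="name", requireValue=True)
        scheme = request.url_parts.scheme
        # The second argument is True only when the request came in over https.
        headers.append(makeDropCookie(name, "https" == scheme))
        return headers, '{"success": true}'
    except Exception:
        # This was a bare `except:`, which also swallowed KeyboardInterrupt
        # and SystemExit; those now propagate instead of becoming a 500.
        return 500, headers, '{"error" : "Empty or missing name parameter."}'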
def main(request, response):
    """Respond to `/cookie/same-site/resources/dropSameSite.py` by dropping
    the four cookies set by `setSameSiteCookies.py`."""
    headers = setNoCacheAndCORSHeaders(request, response)

    # Expire each cookie in turn; all four use False as the second
    # makeDropCookie() argument.
    cookie_names = (
        "samesite_strict",
        "samesite_lax",
        "samesite_none",
        "samesite_unspecified",
    )
    for cookie_name in cookie_names:
        headers.append(makeDropCookie(cookie_name, False))

    # JSON-encoded success code.
    return headers, '{"success": true}'
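def main(request, response):
    """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`.

    Returns the headers and a JSON success body. If reading the `name`
    parameter or building the drop header raises, returns status 500 with a
    JSON error body instead.
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    try:
        # Expire the named cookie, and return a JSON-encoded success code.
        name = readParameter(request, paramName=u"name", requireValue=True)
        scheme = request.url_parts.scheme
        # The second argument is True only when the request came in over https.
        headers.append(makeDropCookie(name, u"https" == scheme))
        return headers, b'{"success": true}'
    except Exception:
        # This was a bare `except:`, which also swallowed KeyboardInterrupt
        # and SystemExit; those now propagate instead of becoming a 500.
        return 500, headers, b'{"error" : "Empty or missing name parameter."}'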
def main(request, response):
    """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting
    two cookies:

    1. `samesite_none_insecure={value};SameSite=None;path=/`
    2. `samesite_none_secure={value};SameSite=None;Secure;path=/`
    """
    headers = setNoCacheAndCORSHeaders(request, response)

    # The raw query string becomes the value of both cookies.
    cookie_value = request.url_parts.query

    insecure_attrs = {"SameSite":"None", "path":"/"}
    secure_attrs = {"SameSite":"None", "Secure":"", "path":"/"}
    headers.append(makeCookieHeader("samesite_none_insecure", cookie_value, insecure_attrs))
    headers.append(makeCookieHeader("samesite_none_secure", cookie_value, secure_attrs))
    return headers, '{"success": true}'
def main(request, response):
    """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a
    transparent GIF when a cookie named `{name}` carries `{value}`, and with
    status 500 and a JSON error body otherwise."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    name = helpers.readParameter(request, paramName="name", requireValue=True)
    value = helpers.readParameter(request, paramName="value", requireValue=True)

    # Several cookies can share a name; one matching value is enough.
    matched = any(
        candidate.value == value
        for candidate in request.cookies.get_list(name)
    )
    if not matched:
        return 500, headers, '{"error": {"message": "The cookie\'s value did not match the given value."}}'

    # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif
    headers.append(("Content-Type","image/gif"))
    gif = "\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
    return headers, gif
def main(request, response):
    """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a
    transparent GIF when a cookie named `{name}` carries `{value}`, and with
    status 500 and a JSON error body otherwise."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    name = helpers.readParameter(request, paramName=u"name", requireValue=True)
    value = helpers.readParameter(request, paramName=u"value", requireValue=True)

    # Several cookies can share a name; one matching value is enough.
    matched = any(
        candidate.value == value
        for candidate in request.cookies.get_list(name)
    )
    if not matched:
        return 500, headers, b'{"error": {"message": "The cookie\'s value did not match the given value."}}'

    # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif
    headers.append((b"Content-Type", b"image/gif"))
    gif = b"\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
    return headers, gif
def main(request, response):
    """Respond to `/cookie/set/samesite?{value}` by setting four cookies:

    1. `samesite_strict={value};SameSite=Strict;path=/`
    2. `samesite_lax={value};SameSite=Lax;path=/`
    3. `samesite_none={value};SameSite=None;path=/`
    4. `samesite_unspecified={value};path=/`

    Then navigate to a page that will post a message back to the opener with
    the set cookies.
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string becomes the value of all four cookies.
    value = request.url_parts.query
    headers.append(("Content-Type", "text/html; charset=utf-8"))

    # (cookie name, attributes) in the order the headers are emitted.
    cookie_specs = (
        ("samesite_strict", {"SameSite": "Strict", "path": "/"}),
        ("samesite_lax", {"SameSite": "Lax", "path": "/"}),
        # SameSite=None cookies must be Secure.
        ("samesite_none", {"SameSite": "None", "path": "/", "Secure": ""}),
        ("samesite_unspecified", {"path": "/"}),
    )
    for cookie_name, attributes in cookie_specs:
        headers.append(makeCookieHeader(cookie_name, value, attributes))

    document = """
<!DOCTYPE html>
<script>
  // A same-site navigation, which should attach all cookies including SameSite ones.
  // This is necessary because this page may have been reached via a cross-site navigation, so
  // we might not have access to some SameSite cookies from here.
  window.location = "../samesite/resources/echo-cookies.html";
</script>
"""
    return headers, document
def main(request, response):
    """Respond to `/cookie/set/samesite?{value}` by setting three cookies:

    1. `samesite_strict={value};SameSite=Strict;path=/`
    2. `samesite_lax={value};SameSite=Lax;path=/`
    3. `samesite_none={value};path=/`
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string becomes the value of all three cookies.
    value = request.url_parts.query

    # (cookie name, attributes) in the order the headers are emitted. The
    # `samesite_none` cookie is the one sent without any SameSite attribute.
    cookie_specs = (
        ("samesite_strict", {"SameSite": "Strict", "path": "/"}),
        ("samesite_lax", {"SameSite": "Lax", "path": "/"}),
        ("samesite_none", {"path": "/"}),
    )
    for cookie_name, attributes in cookie_specs:
        headers.append(makeCookieHeader(cookie_name, value, attributes))

    return headers, '{"success": true}'
def main(request, response):
    """Simple handler that causes redirection.

    The request should typically have two query parameters:
    status - The status to use for the redirection. Defaults to 302.
    location - The resource to redirect to.
    """
    redirect_status = 302
    if "status" in request.GET:
        try:
            redirect_status = int(request.GET.first("status"))
        except ValueError:
            # A non-numeric status keeps the 302 default.
            pass

    headers = setNoCacheAndCORSHeaders(request, response)

    # NOTE(review): `location` is copied into the Location header without
    # any allow-listing, so the handler redirects wherever the query string
    # says. Presumably intentional for redirect tests -- confirm it is only
    # reachable on a test server.
    target = request.GET.first("location")
    headers.append(("Location", target))

    return redirect_status, headers, ""
def main(request, response):
    """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting
    two cookies:

    1. `samesite_none_insecure={value};SameSite=None;path=/`
    2. `samesite_none_secure={value};SameSite=None;Secure;path=/`
    """
    headers = setNoCacheAndCORSHeaders(request, response)
    # The raw query string becomes the value of both cookies.
    value = request.url_parts.query

    # (cookie name, attributes) in the order the headers are emitted.
    cookie_specs = (
        ("samesite_none_insecure", {"SameSite": "None", "path": "/"}),
        ("samesite_none_secure", {"SameSite": "None", "Secure": "", "path": "/"}),
    )
    for cookie_name, attributes in cookie_specs:
        headers.append(makeCookieHeader(cookie_name, value, attributes))

    return headers, '{"success": true}'
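def main(request, response):
    """Return an HTML page that posts the request's cookies to related windows.

    The cookies returned by `helpers.readCookies()` are serialized as JSON into
    an inline script, which posts them to the parent and opener windows.
    Posting "reload" to the page makes it reload itself.
    """
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    cookies = helpers.readCookies(request)
    headers.append(("Content-Type", "text/html; charset=utf-8"))

    # json.dumps() leaves "<" untouched, so a cookie name or value containing
    # "</script>" or "<!--" would end or derail the inline script block.
    # "\u003c" is the same character to the JavaScript parser and inert to the
    # HTML parser, so the posted data is unchanged.
    payload = json.dumps(cookies).replace("<", "\\u003c")

    # NOTE(review): both postMessage() calls below use the "*" target origin,
    # so the cookie data is delivered to whichever origin embeds or opened
    # this page. Presumably intentional for cross-origin tests -- confirm this
    # handler is only ever deployed on a test server.
    tmpl = """
<!DOCTYPE html>
<script>
  var data = %s;

  if (window.parent != window)
    window.parent.postMessage(data, "*");

  if (window.opener)
    window.opener.postMessage(data, "*");

  window.addEventListener("message", e => {
    console.log(e);
    if (e.data == "reload")
      window.location.reload();
  });
</script>
"""
    return headers, tmpl % payload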
def main(request, response):
    """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a
    `Set-Cookie` header."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)

    # The query string is used verbatim: this handler does no
    # percent-decoding and no validation of the header value.
    set_cookie = ("Set-Cookie", request.url_parts.query)
    headers.append(set_cookie)

    return headers, '{"success": true}'
def main(request, response):
    """Return the cookies read from the request as a JSON document."""
    headers = helpers.setNoCacheAndCORSHeaders(request, response)
    # Serialize whatever helpers.readCookies() returns, unchanged.
    body = json.dumps(helpers.readCookies(request))
    return headers, body