-
Notifications
You must be signed in to change notification settings - Fork 54
/
referrer-checker.py
24 lines (22 loc) · 1.13 KB
/
referrer-checker.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Returns a valid response when request's |referrer| matches
# |expected_referrer|.
def main(request, response):
# We want |referrer| to be the referrer header with no query params,
# because |expected_referrer| will not contain any query params, and
# thus cannot be compared with the actual referrer header if it were to
# contain query params. This works fine if the actual referrer has no
# query params too.
referrer = request.headers.get("referer", "").split("?")[0]
referrer_policy = request.GET.first("referrer_policy")
expected_referrer = request.GET.first("expected_referrer", "")
response_headers = [("Content-Type", "text/javascript"),
("Access-Control-Allow-Origin", "*")]
if referrer_policy == "no-referrer" or referrer_policy == "origin":
if referrer == expected_referrer:
return (200, response_headers, "")
return (404, response_headers)
if referrer_policy == "same-origin":
if referrer == expected_referrer:
return (200, response_headers, "")
return (404, response_headers)
return (404, response_headers)